Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1514517 - Generated manifests can have content not entitled to
Summary: Generated manifests can have content not entitled to
Alias: None
Product: Candlepin
Classification: Community
Component: candlepin
Version: 2.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Michael Stead
QA Contact: Katello QA List
Depends On:
Blocks: 1514514 1514515
TreeView+ depends on / blocked
Reported: 2017-11-17 16:25 UTC by Michael Stead
Modified: 2018-02-26 18:57 UTC (History)
5 users (show)

Fixed In Version: candlepin-2.3.1-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1514515
Last Closed: 2018-02-26 18:57:40 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github candlepin candlepin pull 1858 None None None 2017-12-15 13:03:01 UTC

Description Michael Stead 2017-11-17 16:25:28 UTC
+++ This bug was initially created as a clone of Bug #1514515 +++

+++ This bug was initially created as a clone of Bug #1514514 +++

When a regular consumer binds to an entitlement providing product modifiers, candlepin matches on product/provided products to determine if the modified content should be added to the entitlement certificate.

However, when a distributor binds to the same entitlement, candlepin will also try to match on the derived product and derived provided products.

When an entitlement is revoked from a distributor, candlepin is currently not considering the derived products when looking up affected modifier entitlements, and therefore any potentially affected modifier entitlements would not get regenerated and will continue to have content that it shouldn't.

This will be reflected in the manifest when generated.

Steps to reproduce:

1. Create a distributor
2. Bind to a pool that has derived provided products (VDC pool should have them).
3. Bind to an pool that has a provided product that defines a modifier in a content set that matches the id of one of the derived provided products from step #2. Take note of the content URL that will modify this entitlement.
4. Generate a manifest.
5. Verify that the modified content set exists in your certificate. Use the rct tool to check the content sets of your entitlement certs:
rct cc export/entitlement_certificates/<YOUR_CERT>.pem | grep 'YOUR_MODIFIED_CONTENT_URL
6. Delete the entitlement from step #2.
7. Generate a manifest using the distributor consumer.
8. Unpack the maniest file.
9. Verify that after removing the entitlement, the modifier content remains.
rct cc export/entitlement_certificates/<YOUR_CERT>.pem | grep 'YOUR_MODIFIED_CONTENT_URL'

Expected Results:
After the entitlement removal in step #6, the manifest should NOT contain the content set defined by the product modifier.

Note You need to log in before you can comment on or make changes to this bug.