Bug 1248181
Summary: | Cloud Provisioning dialogs do not apply RBAC filtering to resources displayed in dialog fields | |||
---|---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Greg McCullough <gmccullo> | |
Component: | Provisioning | Assignee: | Drew Bomhof <dbomhof> | |
Status: | CLOSED ERRATA | QA Contact: | Aziza Karol <akarol> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 5.4.0 | CC: | jhardy, mfeifer, obarenbo, simaishi | |
Target Milestone: | GA | |||
Target Release: | 5.5.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | 5.5.0.11 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1275782 (view as bug list) | Environment: | ||
Last Closed: | 2015-12-08 13:24:32 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1275782 |
Description
Greg McCullough
2015-07-29 19:41:23 UTC
Brandon - The MiqRequestWorkflow class has a process_filter_all method which it looks like we can use here. Areas to be filtered: Shared (Openstack/Amazon) Availability Zone Security Group Instance Type (Flavor) Openstack: Tenant New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/4ed0283d689da161d08a16435bf260e02dee50d9 commit 4ed0283d689da161d08a16435bf260e02dee50d9 Author: Drew Bomhof <dbomhof> AuthorDate: Wed Oct 21 09:32:29 2015 -0400 Commit: Drew Bomhof <dbomhof> CommitDate: Fri Oct 23 13:51:28 2015 -0400 Applied RBac to cloud provisioning dialogs https://bugzilla.redhat.com/show_bug.cgi?id=1248181 Extracted behavior for applying Rbac into a new method - get_targets_for_ems Applied Rbac for shared cloud provisioning dialogs - Availability Zone, Security Group, Instance Type (Flavor) Applied Rbac for Openstack provisioning dialog - Tenant .../amazon/cloud_manager/provision_workflow.rb | 16 ++- .../providers/cloud_manager/provision_workflow.rb | 23 +++- .../openstack/cloud_manager/provision_workflow.rb | 13 +- .../cloud_manager/provision_workflow_spec.rb | 121 +++++++++++++++++- .../cloud_manager/provision_workflow_spec.rb | 142 ++++++++++++++++++++- 5 files changed, 289 insertions(+), 26 deletions(-) Pulling this one back to ON_DEV because we found some issues with some of the filtering logic. New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/699059f52b7faecb98fa331cb5943586e4ad7897 commit 699059f52b7faecb98fa331cb5943586e4ad7897 Author: Drew Bomhof <dbomhof> AuthorDate: Thu Nov 5 18:22:42 2015 -0500 Commit: Drew Bomhof <dbomhof> CommitDate: Thu Nov 5 18:22:42 2015 -0500 Correctly handled applying Rbac to cloud provisioning security groups Created a method: get_targets_for_source which manages applying Rbac to a passed in source as opposed to finding the External Management System (ems) on that source. https://bugzilla.redhat.com/show_bug.cgi?id=1248181 .../providers/amazon/cloud_manager/provision_workflow.rb | 8 +++----- .../manageiq/providers/cloud_manager/provision_workflow.rb | 10 +++++----- .../providers/amazon/cloud_manager/provision_workflow_spec.rb | 2 +- 3 files changed, 9 insertions(+), 11 deletions(-) New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=13e6adc845a8bacb3e0752a8fffb14478002d6ea commit 13e6adc845a8bacb3e0752a8fffb14478002d6ea Author: Drew Bomhof <dbomhof> AuthorDate: Thu Nov 5 18:22:42 2015 -0500 Commit: Drew Bomhof <dbomhof> CommitDate: Fri Nov 13 15:35:27 2015 -0500 Correctly handled applying Rbac to cloud provisioning security groups Created a method: get_targets_for_source which manages applying Rbac to a passed in source as opposed to finding the External Management System (ems) on that source. https://bugzilla.redhat.com/show_bug.cgi?id=1248181 .../providers/amazon/cloud_manager/provision_workflow.rb | 8 +++----- .../manageiq/providers/cloud_manager/provision_workflow.rb | 10 +++++----- .../providers/amazon/cloud_manager/provision_workflow_spec.rb | 2 +- 3 files changed, 9 insertions(+), 11 deletions(-) New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=8f68b17960c8b1eb5b436cd58464a71aac214fed commit 8f68b17960c8b1eb5b436cd58464a71aac214fed Merge: 32732a7 13e6adc Author: Greg McCullough <gmccullo> AuthorDate: Fri Nov 13 17:00:37 2015 -0500 Commit: Greg McCullough <gmccullo> CommitDate: Fri Nov 13 17:00:37 2015 -0500 Merge branch '5.5.z_apply_rbac_to_cloud' into '5.5.z' Correctly handled applying Rbac to cloud provisioning security groups Created a method: get_targets_for_source which manages applying Rbac to a passed in source as opposed to finding the External Management System (ems) on that source. https://bugzilla.redhat.com/show_bug.cgi?id=1248181 PR: https://github.com/ManageIQ/manageiq/pull/5322 Cherry-pick was clean See merge request !432 .../providers/amazon/cloud_manager/provision_workflow.rb | 8 +++----- .../manageiq/providers/cloud_manager/provision_workflow.rb | 10 +++++----- .../providers/amazon/cloud_manager/provision_workflow_spec.rb | 2 +- 3 files changed, 9 insertions(+), 11 deletions(-) When provisioning a cloud image the resources display in the provisioning dialog for items like Cloud Tenant and Availability Zone are filtered by RBAC. For the logged in user only those resources gets displayed in the provision dialog's with tag visibility. Verified:5.5.0.13.20151201120956_653c0d4 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:2551 |