| Summary: | Heat Template provisioning does not honor Tagging filtering | |||
|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Loic Avenel <lavenel> | |
| Component: | Provisioning | Assignee: | mkanoor | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Shveta <sshveta> | |
| Severity: | low | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 5.5.0 | CC: | gmccullo, hkataria, jhardy, mpovolny, obarenbo, simaishi | |
| Target Milestone: | GA | Keywords: | TestOnly, ZStream | |
| Target Release: | 5.8.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | openstack:provision:tag:filter | |||
| Fixed In Version: | 5.8.0.0 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1411477 (view as bug list) | Environment: | ||
| Last Closed: | 2017-06-12 16:27:03 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 1411477 | |||
|
Description
Loic Avenel
2016-02-10 13:20:19 UTC
Heat templates allow for the selection of the OpenStack tenant to provision into which uses a dynamic dialog. Automate is currently not restricted to RBAC so the dynamic method is exposing all instances. Need to review further. Madhu - Heat templates provisioning is through Service dialogs which use dynamic automate methods. If we are not enforcing RBAC throughout the entire automate process (due to current status of the tenancy project) it would still be useful to allow callers to apply filtering to objects manually from within certain scripts. For example, we could expose a method like $vmdb.rbac(<object/object_array>) that would be used in the use case described in this issue to further filter the available objects based on the active user/group/tenant. Let's discuss any other possible solutions. New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/ca856952a8e5258a0348ce9d10bce9599b106aa6 commit ca856952a8e5258a0348ce9d10bce9599b106aa6 Author: Madhu Kanoor <mkanoor> AuthorDate: Tue Sep 27 15:39:45 2016 -0400 Commit: Madhu Kanoor <mkanoor> CommitDate: Thu Oct 20 12:02:56 2016 -0400 RBAC for service models Filters service model objects based on the current user passed into Automate. https://bugzilla.redhat.com/show_bug.cgi?id=1306274 https://bugzilla.redhat.com/show_bug.cgi?id=1327725 lib/miq_automation_engine/engine/miq_ae_service.rb | 3 + .../engine/miq_ae_service/miq_ae_service_rbac.rb | 53 +++++++++++++ .../engine/miq_ae_service_model_base.rb | 10 ++- .../engine/miq_ae_workspace.rb | 28 +++++++ .../engine/drb_remote_invoker_spec.rb | 4 +- .../engine/miq_ae_method_spec.rb | 3 + .../engine/miq_ae_service_rbac_spec.rb | 87 ++++++++++++++++++++++ .../miq_automation_engine/miq_ae_service_spec.rb | 12 ++- 8 files changed, 194 insertions(+), 6 deletions(-) create mode 100644 lib/miq_automation_engine/engine/miq_ae_service/miq_ae_service_rbac.rb create mode 100644 spec/lib/miq_automation_engine/engine/miq_ae_service_rbac_spec.rb Fixed . Verified in 5.8.0.12-rc1.20170425180304_4f35996 |