Bug 1322876

Summary: provisioning error in $evm.execute('create_provision_request', *args)
Product: Red Hat CloudForms Management Engine Reporter: Josh Carter <jocarter>
Component: AutomateAssignee: Drew Bomhof <dbomhof>
Status: CLOSED ERRATA QA Contact: Dmitry Misharov <dmisharo>
Severity: high Docs Contact:
Priority: high    
Version: 5.5.0CC: cpelland, dajohnso, jhardy, jocarter, mfeifer, mkanoor, obarenbo, simaishi, tfitzger
Target Milestone: GAKeywords: ZStream
Target Release: 5.6.0   
Hardware: All   
OS: All   
Whiteboard: ldap:automate:provision
Fixed In Version: 5.6.0.5 Doc Type: Bug Fix
Doc Text:
In CloudForms Management Engine 5.5.2, provisioning with the out of the box admin account succeeded, but provisioning with an LDAP user would fail. This happened because the logic in create_provision_request passed only part of the user_name, rather than searching by the full name stored in the database. The code now uses the lookup_by_identity method instead of find_by_userid! to validate a user parameter in order to correctly match the user_name in the database.
 Story Points: ---
Clone Of:
: 1327722 (view as bug list) Environment:
Last Closed: 2016-06-29 15:46:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1327722    

Comment 5 Greg McCullough 2016-04-01 17:55:06 UTC 
The line in comment #4 changed, here is a permalink: https://github.com/ManageIQ/manageiq/blob/7c4f5bc401deff2f1b42215b1929b940593e0d3a/app/models/miq_provision_virt_workflow.rb#L1102

The logic in the create_provision_request (ultimately the class method from_ws_ver_1_x in miq_provision_virt_workflow.rb) was modified as part of the tenant work to validate the the requested user_name value existed in the database so the request could be assigned to the proper user/group/tenant.

The issue reported is because the user_name being passed in is a partial name compared to what is stored in the database.  (guidoc is being passed and the userid is guidoc)

The failure can be resolved by passing in the full userid value for the user which I believe is being truncated in some of the automate logic which comes from the external CloudForms POC repo.

The line would look something like this:
merged_options_hash[:user_name]        = /^[^@]*/.match(@user.userid).to_s

and should be changed to:
merged_options_hash[:user_name]        = @user.userid

Therefore the user_name being passed will be properly matched.


Additional, the code can be updated to handle this situation along with using the same lookup as the workflow initialization by calling
  User.lookup_by_identity(<user_name>)
instead of 
  User.find_by_userid!(<user_name>)
Comment 6 mkanoor 2016-04-04 18:49:42 UTC 
There is another ticket similar to this
https://bugzilla.redhat.com/show_bug.cgi?id=1298292

In that case the customer was using the CloudformsPOC Automate domain from Kevin Morey
https://github.com/ramrexx/CloudFormsPOC/wiki
Comment 7 CFME Bot 2016-04-04 21:36:29 UTC 
https://github.com/ManageIQ/manageiq/pull/7699
Comment 10 CFME Bot 2016-04-27 17:00:52 UTC 
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/cecc2689d762b0c34679779b724b0d44960be01c

commit cecc2689d762b0c34679779b724b0d44960be01c
Author:     Drew Bomhof <dbomhof>
AuthorDate: Mon Apr 4 16:50:45 2016 -0400
Commit:     Drew Bomhof <dbomhof>
CommitDate: Wed Apr 27 12:04:25 2016 -0400

    Use lookup_by_identity to validate a user param
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1322876

 app/models/automation_request.rb                |  6 ++----
 app/models/miq_provision_virt_workflow.rb       |  6 ++----
 app/models/miq_request_workflow.rb              | 13 +++++++++++++
 spec/models/miq_provision_virt_workflow_spec.rb | 22 ++++++++++++++++++++++
 4 files changed, 39 insertions(+), 8 deletions(-)
Comment 11 Milan Falešník 2016-05-09 10:01:18 UTC 
Verified in 5.6.0.5-beta2.4.

I used our user in our LDAP which logs in as username@domain, then I manually crafted params for create_provision_request (in console) where in the place of user id I have placed only the username. When I kicked the request off, it correctly pulled the user from the LDAP and the request was initiated.
Comment 12 CFME Bot 2016-05-17 17:20:40 UTC 
https://github.com/ManageIQ/manageiq/pull/8473
Comment 13 CFME Bot 2016-05-24 15:29:50 UTC 
New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=29a5845fd05314ee04282c588a9b2c51a920d709

commit 29a5845fd05314ee04282c588a9b2c51a920d709
Author:     Drew Bomhof <dbomhof>
AuthorDate: Mon Apr 4 16:50:45 2016 -0400
Commit:     Drew Bomhof <dbomhof>
CommitDate: Mon May 2 16:56:25 2016 -0400

    Use lookup_by_identity to validate a user param
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1322876

 app/models/automation_request.rb                |  6 ++----
 app/models/miq_provision_virt_workflow.rb       |  6 ++----
 app/models/miq_request_workflow.rb              | 13 +++++++++++++
 spec/models/miq_provision_virt_workflow_spec.rb | 22 ++++++++++++++++++++++
 4 files changed, 39 insertions(+), 8 deletions(-)
Comment 14 CFME Bot 2016-05-24 15:30:14 UTC 
New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=caee9ee6a2646e3c7751189b6094f3fb7ebbb789

commit caee9ee6a2646e3c7751189b6094f3fb7ebbb789
Merge: 31bc75c 29a5845
Author:     Greg McCullough <gmccullo>
AuthorDate: Tue May 24 11:16:10 2016 -0400
Commit:     Greg McCullough <gmccullo>
CommitDate: Tue May 24 11:16:10 2016 -0400

    Merge branch 'possibly_update_user_5.5.z' into '5.5.z'
    
    Use lookup_by_identity to validate a user param
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1322876
    
    PR: https://github.com/ManageIQ/manageiq/pull/7699
    
    Cherry Pick was clean
    
    See merge request !924

 app/models/automation_request.rb                |  6 ++----
 app/models/miq_provision_virt_workflow.rb       |  6 ++----
 app/models/miq_request_workflow.rb              | 13 +++++++++++++
 spec/models/miq_provision_virt_workflow_spec.rb | 22 ++++++++++++++++++++++
 4 files changed, 39 insertions(+), 8 deletions(-)
Comment 16 errata-xmlrpc 2016-06-29 15:46:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1348