Bug 1426742

Summary:	Cannot query most auditable_types in API
Product:	Red Hat Satellite	Reporter:	Paul Dudley <pdudley>
Component:	Audit Log	Assignee:	Tomas Strachota <tstrachota>
Status:	CLOSED ERRATA	QA Contact:	Katello QA List <katello-qa-list>
Severity:	high	Docs Contact:
Priority:	high
Version:	6.2.7	CC:	andrew.schofield, bbuckingham, dlawrenc, inecas, jcallaha, kabbott, mhulan, oshtaier, tstrachota
Target Milestone:	Unspecified	Keywords:	Triaged
Target Release:	Unused
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-02-21 17:04:23 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Paul Dudley 2017-02-24 17:55:16 UTC

When a user edits an authentication source and audit record such as this is generated:

{
  "user_id": 3,
  "user_type": null,
  "user_name": "admin",
  "version": 1,
  "comment": null,
  "associated_id": null,
  "associated_type": null,
  "remote_address": "192.168.0.0",
  "associated_name": null,
  "created_at": "2016-11-30 15:41:19 UTC",
  "id": 12417,
  "auditable_id": 3,
  "auditable_name": "LDAP-GBL-AD",
  "auditable_type": "AuthSource",
  "action": "create",
  "audited_changes": {
    "name": "GBL-AD",
    "host": <hostname>,
    "port": 389,
    "account": null,
    "account_password": null,
    "base_dn": null,
    "attr_login": "sAMAccountName",
    "attr_firstname": "givenName",
    "attr_lastname": "sn",
    "attr_mail": "userPrincipalName",
    "onthefly_register": true,
    "tls": false,
    "ldap_filter": null,
    "attr_photo": null,
    "server_type": "posix",
    "groups_base": null,
    "usergroup_sync": false
  }
}

And the audit event with is recorded with auditable_type = AuthSource. However, this fails:
https://satellite.example.com/api/v2/audits/?search=name=AuthSource

With this (by name):
  "error": {"message":"Field 'name' not recognized for searching!","class":"ScopedSearch::QueryNotSupported"}

But when you query by type:
  "error": {"message":"'auditable_type' should be one of 'host, parameter, architecture, puppetclass, os, hostgroup, template', but the query was 'AuthSource'","class":"ScopedSearch::QueryNotSupported"}

From audit logs the available types seem to be:
            "auditable_type": "AuthSource",
            "auditable_type": "ComputeAttribute",
            "auditable_type": "ComputeProfile",
            "auditable_type": "ComputeResource",
            "auditable_type": "Domain",
            "auditable_type": "HostClass",
            "auditable_type": "HostgroupClass",
            "auditable_type": "Katello::System",
            "auditable_type": "Location",
            "auditable_type": "LookupKey",
            "auditable_type": "LookupValue",
            "auditable_type": "Medium",
            "auditable_type": "Organization",
            "auditable_type": "Ptable",
            "auditable_type": "Role",
            "auditable_type": "Setting",
            "auditable_type": "SmartProxy",
            "auditable_type": "Subnet",
            "auditable_type": "User",
            "auditable_type": "Usergroup",

We would expect these types to be able to be queried as well as the types that already exist.

Comment 1 Tomas Strachota 2017-02-27 11:10:57 UTC

Created redmine issue http://projects.theforeman.org/issues/18690 from this bug

Comment 4 Satellite Program 2017-03-08 09:02:57 UTC

Upstream bug assigned to tstrachota

Comment 5 Satellite Program 2017-03-08 09:03:01 UTC

Upstream bug assigned to tstrachota

Comment 6 Satellite Program 2017-03-08 19:02:57 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/18690 has been resolved.

Comment 7 Stephen Benjamin 2017-03-30 16:49:11 UTC

*** Bug 1435006 has been marked as a duplicate of this bug. ***

Comment 8 Oleksandr Shtaier 2017-09-20 11:30:18 UTC

Verified on latest 6.3. Seems that changing approach to scoped search added all entities requested.

We will have automation script that will check every entity, but few random results:

Auth_source:
Making HTTP GET request to https://server/api/v2/audits with options {'verify': False, 'data': '{"search": "type=auth_source"}', 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}}, no params and no data.
Received HTTP 200 response: {
  "total": 540,
  "subtotal": 15,
  "page": 1,
  "per_page": 20,
  "search": "type=auth_source",
  "sort": {
    "by": null,
    "order": null
  },
  "results": [{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 11:11:56 UTC","id":541,"auditable_id":17,"auditable_name":"LDAP-wCILIvTjhPxArINNMHRzcAOrPewdthcMlfRpTUXjdJfwQJtBusLqK","auditable_type":"AuthSource","action":"create","audited_changes":{"name":"wCILIvTjhPxArINNMHRzcAOrPewdthcMlfRpTUXjdJfwQJtBusLqK","host":"aYDxegWfTYMFVB","port":389,"account":null,"account_password":null,"base_dn":null,"attr_login":null,"attr_firstname":null,"attr_lastname":null,"attr_mail":null,"onthefly_register":false,"tls":false,"ldap_filter":null,"attr_photo":null,"server_type":"posix","groups_base":null,"usergroup_sync":true}},{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 09:54:16 UTC","id":476,"auditable_id":16,"auditable_name":"LDAP-EvwTuYIFmNQoKbbXUbpnVRpjGOSRGjLAwTCpiyUsvkHPXRPufFoNrA","auditable_type":"AuthSource","action":"create","audited_changes":{"name":"EvwTuYIFmNQoKbbXUbpnVRpjGOSRGjLAwTCpiyUsvkHPXRPufFoNrA","host":"pkOIwYLHQexrLwnvHmXcllyrolxjHffHwXbpqVqUrAovbguXSlTUb","port":389,"account":null,"account_password":null,"base_dn":null,"attr_login":null,"attr_firstname":null,"attr_lastname":null,"attr_mail":null,"onthefly_register":false,"tls":false,"ldap_filter":null,"attr_photo":null,"server_type":"posix","groups_base":null,"usergroup_sync":true}},{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 09:45:21 UTC","id":448,"auditable_id":15,"auditable_name":"LDAP-gyLdNyfwVUnCuwNoDRervyJAGdRLkAqvvhZDTKL","auditable_type":"AuthSource","action":"create","audited_changes":{"name":"gyLdNyfwVUnCuwNoDRervyJAGdRLkAqvvhZDTKL","host":"XBSpwNLwKpUwhROFBzGQ","port":389,"account":null,"account_password":null,"base_dn":null,"attr_login":null,"attr_firstname":null,"attr_lastname":null,"attr_mail":null,"onthefly_register":false,"tls":false,"ldap_filter":null,"attr_photo":null,"server_type":"posix","groups_base":null,"usergroup_sync":true}},
...

Locations:
Making HTTP GET request to https://server/api/v2/audits with options {'verify': False, 'data': '{"search": "type=location"}', 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}}, no params and no data.
Received HTTP 200 response: {
  "total": 557,
  "subtotal": 37,
  "page": 1,
  "per_page": 20,
  "search": "type=location",
  "sort": {
    "by": null,
    "order": null
  },
  "results": [{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 11:12:31 UTC","id":558,"auditable_id":62,"auditable_name":"kPALyodDhTS","auditable_type":"Location","action":"create","audited_changes":{"name":"kPALyodDhTS","ignore_types":["ProvisioningTemplate","Hostgroup"],"description":null,"label":null,"ancestry":null}},
...

Subnets:
Making HTTP GET request to https://server/api/v2/audits with options {'verify': False, 'data': '{"search": "type=subnet"}', 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}}, no params and no data.
Received HTTP 200 response: {
  "total": 563,
  "subtotal": 21,
  "page": 1,
  "per_page": 20,
  "search": "type=subnet",
  "sort": {
    "by": null,
    "order": null
  },
  "results": [{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 11:12:52 UTC","id":564,"auditable_id":20,"auditable_name":"OFhZVYLaNj (78.30.28.99/24)","auditable_type":"Subnet","action":"create","audited_changes":{"network":"78.30.28.99","mask":"255.255.255.0","priority":null,"name":"OFhZVYLaNj","vlanid":null,"dhcp_id":null,"tftp_id":null,"gateway":null,"dns_primary":null,"dns_secondary":null,"from":null,"to":null,"dns_id":null,"boot_mode":"DHCP","ipam":"None","discovery_id":null}},{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 09:55:11 UTC","id":499,"auditable_id":19,"auditable_name":"SUTRpE (23.246.161.152/29)","auditable_type":"Subnet","action":"create","audited_changes":{"network":"23.246.161.152","mask":"255.255.255.248","priority":null,"name":"SUTRpE","vlanid":null,"dhcp_id":null,"tftp_id":null,"gateway":null,"dns_primary":null,"dns_secondary":null,"from":null,"to":null,"dns_id":null,"boot_mode":"DHCP","ipam":"None","discovery_id":null}},

Comment 10 Oleksandr Shtaier 2017-09-20 11:47:01 UTC

Probably related to regression in:
https://bugzilla.redhat.com/show_bug.cgi?id=1492668
https://bugzilla.redhat.com/show_bug.cgi?id=1492696

Comment 11 Bryan Kearney 2018-02-21 17:04:23 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336