Bug 1433084
| Summary: | Policy to exclude a VM from analysis shows as false but scanning is still happening | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Jared Deubel <jdeubel> | ||||
| Component: | Control | Assignee: | Lucy Fu <lufu> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Dmitry Misharov <dmisharo> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 5.7.0 | CC: | cpelland, dmisharo, gmccullo, jhardy, myoder, obarenbo, simaishi | ||||
| Target Milestone: | GA | Keywords: | Regression, TestOnly, ZStream | ||||
| Target Release: | 5.8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 5.8.0.7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1433435 1434965 (view as bug list) | Environment: | |||||
| Last Closed: | 2017-06-12 17:10:05 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1433435, 1434965 | ||||||
| Attachments: |
|
||||||
I have a similar case hitting this issue too. The control policy worked for 3.2, but does not appear to be working for 4.1 or 4.2. I will attach the policy and the policy.log to the case. New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/dc64ef6e88ac43c49b97277498b20161d9b8f68e commit dc64ef6e88ac43c49b97277498b20161d9b8f68e Author: Lucy Fu <lufu> AuthorDate: Thu Mar 16 18:09:55 2017 -0400 Commit: Lucy Fu <lufu> CommitDate: Fri Mar 17 08:38:55 2017 -0400 Add the logic to allow a policy to prevent request_vm_scan. https://bugzilla.redhat.com/show_bug.cgi?id=1433084 app/models/vm_or_template/scanning.rb | 28 +++++++++++----------------- spec/models/vm_scan_spec.rb | 17 ++++++++++++++--- spec/models/vm_spec.rb | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 20 deletions(-) New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/89b85a7505e7c945f14fbe5caf4beacd85bc77cc commit 89b85a7505e7c945f14fbe5caf4beacd85bc77cc Author: Lucy Fu <lufu> AuthorDate: Fri Mar 17 08:25:17 2017 -0400 Commit: Lucy Fu <lufu> CommitDate: Fri Mar 17 09:11:49 2017 -0400 Call vm.raw_scan to bypass checking the prevent policy. https://bugzilla.redhat.com/show_bug.cgi?id=1433084 spec/models/job_proxy_dispatcher_embedded_scan_spec.rb | 2 +- ...proxy_dispatcher_get_eligible_proxies_for_job_spec.rb | 2 +- spec/models/job_proxy_dispatcher_spec.rb | 16 ++++++++-------- spec/models/job_proxy_dispatcher_vm_proxies4job_spec.rb | 2 +- spec/models/job_spec.rb | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) Verified in 5.8.0.7.20170321164727_1c97ccd. I created policy which prevents analysis of any VM that is tagged as Do Not Analyze. It works correctly for a vm which was tagged "Do Not Analyze". |
Created attachment 1263823 [details] 1 Description of problem: When setting up a policy that will exclude a VM from being analyzed the simulation shows that the condition is true, but the actual execution of the analysis shows the condition as false and the analysis continues. I have attached some screenshots of the policy, the exclusion tag the simulation and the execution. Also I attached logs from the worker that ran the smartstate analysis. Version-Release number of selected component (if applicable): 5.7