Bug 1636426
| Summary: | with "Ansible Roles Manager" and "View hosts" roles, user still needs "Remote Excution User" to run roles on host | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Jan Hutař <jhutar> |
| Component: | Ansible - Configuration Management | Assignee: | Ondřej Ezr <oezr> |
| Status: | CLOSED ERRATA | QA Contact: | Danny Synk <dsynk> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.8.0 | CC: | kupadhya, lpramuk, oprazak, pcreech |
| Target Milestone: | 6.10.0 | Keywords: | Reopened, Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | tfm-rubygem-foreman_ansible-6.3.2 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-11-16 14:08:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jan Hutař
2018-10-05 11:09:33 UTC
Another confusing thing is that if I have parameter mine roles are consuming in, say, organization, mine roles do not see that parameter. Created redmine issue http://projects.theforeman.org/issues/25579 from this bug The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you. Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support. Thank you. Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/25579 has been resolved. Failed QA on Satellite 6.10, snap 10 (tfm-rubygem-foreman_ansible-6.3.1-1.el7sat.noarch). Steps to Test: 1. Create a new user, ansible_test, with only the "Ansible Roles Manager" and "View hosts" roles assigned. 2. Register a RHEL system to Satellite and configure it for remote execution using the Global Registration Template. 3. As the admin user in the Satellite webUI, navigate to Hosts > All Hosts > [hostname] > Edit > Ansible Roles. 4. Assign two Ansible roles to the host. 5. Log in to Satellite as the ansible_test user. 6. In the Satellite webUI, navigate to Hosts > All Hosts > [hostname]. 7. Select the "Run Ansible roles" option from the dropdown menu. Expected Results: A user with only the "Ansible Roles Manager" and "View hosts" roles assigned is able to run Ansible roles on a host. Actual Results: The user receives a "Permission denied" response with the following message: "You are not authorized to perform this action. Please request one of the required permissions listed below from a Satellite administrator: create_job_invocations" Upstream bug assigned to oezr Upstream bug assigned to oezr Steps to Test: 1. Create a new user, ansible_test, with only the "Ansible Roles Manager" and "View hosts" roles assigned. 2. Register a RHEL system to Satellite and configure it for remote execution using the Global Registration Template. 3. As the admin user in the Satellite webUI, navigate to Hosts > All Hosts > [hostname] > Edit > Ansible Roles. 4. Assign two Ansible roles to the host. 5. Log in to Satellite as the ansible_test user. 6. In the Satellite webUI, navigate to Hosts > All Hosts > [hostname]. 7. Select the "Run Ansible roles" option from the dropdown menu. Expected Results: A user with only the "Ansible Roles Manager" and "View hosts" roles assigned is able to run Ansible roles on a host. Actual Results: The ansible_test user, which has only the "Ansible Roles Manager" and "View hosts" roles assigned, is able to run Ansible roles on a host successfully. Verified on Satellite 6.10, snap 13. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4702 |