Bug 1993679
| Summary: | Creating a Job via an user with selective permissions will not show "Job template" in the form unless refreshing the result of Search Query | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Sayan Das <saydas> | ||||
| Component: | Remote Execution | Assignee: | Adam Ruzicka <aruzicka> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Jaroslav Henner <jhenner> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.10.0 | CC: | afeef.ghannam, aruzicka, jalviso, lstejska, mhulan, oezr, osousa, vdeshpan | ||||
| Target Milestone: | 6.10.0 | Keywords: | Triaged | ||||
| Target Release: | Unused | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | tfm-rubygem-foreman_remote_execution-4.5.6 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2021-11-16 14:13:06 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 1814252 [details]
reproducer script to create the role and user
Created redmine issue https://projects.theforeman.org/issues/33340 from this bug Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/33340 has been resolved. *** Bug 1908150 has been marked as a duplicate of this bug. *** VERIFIED The script needs to have an Organisation Red Hat in place before starting and the Job template name has to be Testing. Then I was able to reproduce on older snap (18) and on newer snap (22) it worked fine. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4702 |
Description of problem: The idea here is to ensure that an user should only be able to see one Ansible Playbook and run it on hosts. So we created a role with custom permissions and then assigned to a user. Creating a Job via that user will not show "Job template" field in the form unless refreshing the result of Search Query, using that refresh button. Version-Release number of selected component (if applicable): Satellite 6.10 [ as well as Satellite 6.9 ] How reproducible: Always Steps to Reproduce: 1. Create a small Ansible Playbook based job template called "Testing" with the following content. ## --- - name: Test Play hosts: all gather_facts: false tasks: - name: Check current user command: whoami register: def_user - debug: var=def_user.stdout ## 2. Create a role called REX, a user called rexuser with password set as password@123 using the rex_role_create.sh script 3. Go to Administer --> Users --> and Impersonate the rexuser user. 4. Now go to Hosts --> All Hosts --> Select one host using checkbox --> From Select Action dropdown click on "Schedule Remote Task" Actual results: * It will take us to the "Job Invocation" Page and we could see the following data. Job category: Ansible Playbook Bookmark: <Blank> Search Query: name ^ (host.example.com) Resolves to button Type of query Schedule But the "Job template " dropdown is completely missing. So now, if we hit the refresh button just beside "Resolves to ", the "Job template" option suddenly comes out and It has the "Testing" playbook selected as expected. Expected results: We should not need to do the last step to see the "Job template " dropdown. It should show up automatically. Additional info: * The role actually looks like the following. ----|--------------------|------------------------------------------------------|------------|-----------|------|------------------------------------------------------- ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS ----|--------------------|------------------------------------------------------|------------|-----------|------|------------------------------------------------------- 335 | Organization | none | yes | no | REX | view_organizations 336 | Location | none | yes | no | REX | view_locations 337 | Host | none | yes | no | REX | view_hosts 338 | SmartProxy | none | yes | no | REX | view_smart_proxies 339 | TemplateInvocation | job_category = "Ansible Playbook" | no | no | REX | view_template_invocations, create_template_invocations 340 | JobTemplate | job_category = "Ansible Playbook" and name = Testing | no | no | REX | view_job_templates 341 | JobInvocation | job_category = "Ansible Playbook" | no | no | REX | create_job_invocations, view_job_invocations ----|--------------------|------------------------------------------------------|------------|-----------|------|------------------------------------------------------- and It is being suspected that one of these three resource_types is creating an issue here i.e. TemplateInvocation \ JobTemplate \ JobInvocation. It's either a misconfiguration or a bug or expected behavior. * Also We are trying to find out the relation between, "TemplateInvocation" "JobTemplate" and "JobInvocation" as all three of them gives us common search options to filter "Job Category"