Bug 1248181 - Cloud Provisioning dialogs do not apply RBAC filtering to resources displayed in dialog fields
Cloud Provisioning dialogs do not apply RBAC filtering to resources displayed...
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Provisioning (Show other bugs)
5.4.0
Unspecified Unspecified
medium Severity medium
: GA
: 5.5.0
Assigned To: Drew Bomhof
Aziza Karol
:
Depends On:
Blocks: 1275782
  Show dependency treegraph
 
Reported: 2015-07-29 15:41 EDT by Greg McCullough
Modified: 2015-12-08 08:24 EST (History)
4 users (show)

See Also:
Fixed In Version: 5.5.0.11
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1275782 (view as bug list)
Environment:
Last Closed: 2015-12-08 08:24:32 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Greg McCullough 2015-07-29 15:41:23 EDT
Description of problem: When provisioning a cloud image the resources display in the provisioning dialog for items like Cloud Tenant and Availability Zone are not being filtered by RBAC.


Version-Release number of selected component (if applicable): 5.4


Steps to Reproduce:
1. Create a user with limited tag visibility to the cloud resources Availability Zone, Cloud Tenant (Openstack), Flavors and Security Groups
2. Provision an cloud image
3. Validate that the provisioning dialog fields show resources that should be filtered out.

Actual results:
Resources available in the provision dialogs are not filtered for the logged in user.

Expected results:
Resources should be filtered for the logged on user.

Additional info:
Related to Bug 1235541
Comment 2 Greg McCullough 2015-07-30 09:55:27 EDT
Brandon - The MiqRequestWorkflow class has a process_filter_all method which it looks like we can use here.
Comment 3 Greg McCullough 2015-10-08 17:05:44 EDT
Areas to be filtered:

Shared (Openstack/Amazon)
  Availability Zone
  Security Group
  Instance Type (Flavor)

Openstack:
  Tenant
Comment 6 CFME Bot 2015-10-23 17:30:20 EDT
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/4ed0283d689da161d08a16435bf260e02dee50d9

commit 4ed0283d689da161d08a16435bf260e02dee50d9
Author:     Drew Bomhof <dbomhof@redhat.com>
AuthorDate: Wed Oct 21 09:32:29 2015 -0400
Commit:     Drew Bomhof <dbomhof@redhat.com>
CommitDate: Fri Oct 23 13:51:28 2015 -0400

    Applied RBac to cloud provisioning dialogs
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1248181
    Extracted behavior for applying Rbac into a new method - get_targets_for_ems
    Applied Rbac for shared cloud provisioning dialogs - Availability Zone, Security Group, Instance Type (Flavor)
    Applied Rbac for Openstack provisioning dialog - Tenant

 .../amazon/cloud_manager/provision_workflow.rb     |  16 ++-
 .../providers/cloud_manager/provision_workflow.rb  |  23 +++-
 .../openstack/cloud_manager/provision_workflow.rb  |  13 +-
 .../cloud_manager/provision_workflow_spec.rb       | 121 +++++++++++++++++-
 .../cloud_manager/provision_workflow_spec.rb       | 142 ++++++++++++++++++++-
 5 files changed, 289 insertions(+), 26 deletions(-)
Comment 7 Greg McCullough 2015-11-05 14:23:01 EST
Pulling this one back to ON_DEV because we found some issues with some of the filtering logic.
Comment 9 CFME Bot 2015-11-09 10:32:08 EST
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/699059f52b7faecb98fa331cb5943586e4ad7897

commit 699059f52b7faecb98fa331cb5943586e4ad7897
Author:     Drew Bomhof <dbomhof@redhat.com>
AuthorDate: Thu Nov 5 18:22:42 2015 -0500
Commit:     Drew Bomhof <dbomhof@redhat.com>
CommitDate: Thu Nov 5 18:22:42 2015 -0500

    Correctly handled applying Rbac to cloud provisioning security groups
    
    Created a method:  get_targets_for_source which manages
    applying Rbac to a passed in source as opposed to finding the
    External Management System (ems) on that source.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1248181

 .../providers/amazon/cloud_manager/provision_workflow.rb       |  8 +++-----
 .../manageiq/providers/cloud_manager/provision_workflow.rb     | 10 +++++-----
 .../providers/amazon/cloud_manager/provision_workflow_spec.rb  |  2 +-
 3 files changed, 9 insertions(+), 11 deletions(-)
Comment 10 CFME Bot 2015-11-16 16:18:16 EST
New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=13e6adc845a8bacb3e0752a8fffb14478002d6ea

commit 13e6adc845a8bacb3e0752a8fffb14478002d6ea
Author:     Drew Bomhof <dbomhof@redhat.com>
AuthorDate: Thu Nov 5 18:22:42 2015 -0500
Commit:     Drew Bomhof <dbomhof@redhat.com>
CommitDate: Fri Nov 13 15:35:27 2015 -0500

    Correctly handled applying Rbac to cloud provisioning security groups
    
    Created a method:  get_targets_for_source which manages
    applying Rbac to a passed in source as opposed to finding the
    External Management System (ems) on that source.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1248181

 .../providers/amazon/cloud_manager/provision_workflow.rb       |  8 +++-----
 .../manageiq/providers/cloud_manager/provision_workflow.rb     | 10 +++++-----
 .../providers/amazon/cloud_manager/provision_workflow_spec.rb  |  2 +-
 3 files changed, 9 insertions(+), 11 deletions(-)
Comment 11 CFME Bot 2015-11-16 16:21:15 EST
New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=8f68b17960c8b1eb5b436cd58464a71aac214fed

commit 8f68b17960c8b1eb5b436cd58464a71aac214fed
Merge: 32732a7 13e6adc
Author:     Greg McCullough <gmccullo@redhat.com>
AuthorDate: Fri Nov 13 17:00:37 2015 -0500
Commit:     Greg McCullough <gmccullo@redhat.com>
CommitDate: Fri Nov 13 17:00:37 2015 -0500

    Merge branch '5.5.z_apply_rbac_to_cloud' into '5.5.z'
    
    Correctly handled applying Rbac to cloud provisioning security groups
    
    Created a method:  get_targets_for_source which manages
    applying Rbac to a passed in source as opposed to finding the
    External Management System (ems) on that source.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1248181
    
    PR: https://github.com/ManageIQ/manageiq/pull/5322
    
    Cherry-pick was clean
    
    See merge request !432

 .../providers/amazon/cloud_manager/provision_workflow.rb       |  8 +++-----
 .../manageiq/providers/cloud_manager/provision_workflow.rb     | 10 +++++-----
 .../providers/amazon/cloud_manager/provision_workflow_spec.rb  |  2 +-
 3 files changed, 9 insertions(+), 11 deletions(-)
Comment 12 Aziza Karol 2015-12-03 01:52:12 EST
When provisioning a cloud image the resources display in the provisioning dialog for items like Cloud Tenant and Availability Zone are filtered by RBAC.

For the logged in user only those resources gets displayed in the provision dialog's with tag visibility.


Verified:5.5.0.13.20151201120956_653c0d4
Comment 14 errata-xmlrpc 2015-12-08 08:24:32 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:2551

Note You need to log in before you can comment on or make changes to this bug.