1304368 – aaa-jdbc return only direct group membership, not indirect membership

Bug 1304368 - aaa-jdbc return only direct group membership, not indirect membership

Summary: aaa-jdbc return only direct group membership, not indirect membership

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine-extension-aaa-jdbc
Classification:	oVirt
Component:	Core
Sub Component:
Version:	1.0.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	ovirt-3.6.6
Target Release:	1.0.7
Assignee:	Martin Perina
QA Contact:	Gonza
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1327600
TreeView+	depends on / blocked

Reported:	2016-02-03 12:36 UTC by Ondra Machacek
Modified:	2016-05-30 10:53 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-30 10:53:30 UTC
oVirt Team:	Infra
Embargoed:
Flags:	rule-engine: ovirt-3.6.z+ mgoldboi: planning_ack+ mperina: devel_ack+ pstehlik: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	55906	0	master	MERGED	core: Fix returning nested groups during search	2016-04-13 06:53:59 UTC
oVirt gerrit	56209	0	ovirt-engine-extension-aaa-jdbc-1.0	MERGED	core: Fix returning nested groups during search	2016-04-15 15:56:52 UTC

Description Ondra Machacek 2016-02-03 12:36:23 UTC

Description of problem:


Version-Release number of selected component (if applicable):
1.0.6

How reproducible:
always

Steps to Reproduce:
1. 
ovirt-aaa-jdbc-tool group add groupB
ovirt-aaa-jdbc-tool group add groupA
ovirt-aaa-jdbc-tool user add userX
ovirt-aaa-jdbc-tool group-manage groupadd groupB --group=groupA
ovirt-aaa-jdbc-tool group-manage useradd groupA --user=userX

2.
$ bin/ovirt-aaa-jdbc-tool group-manage show groupB
Group: groupB(b0792530-eba6-48a2-883d-7a4c683002e6) members:
  Group: groupA
$ bin/ovirt-aaa-jdbc-tool group-manage show groupA
Group: groupA(8db68768-39d4-4c86-831e-f97cad1f4702) members:
  User: userX
3. ovirt-engine-extensions-tool aaa search --authz-flag=resolve-groups-recursive --authz-flag=resolve-groups --entity-name=userX --extension-name=internal-authz

Actual results:
2016-02-03 13:33:21 INFO    --- Begin PrincipalRecord ---
2016-02-03 13:33:21 INFO    AAA_JDBC_USER_DESCRIPTION: 
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_TITLE: 
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_NAMESPACE: *
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_NAME: userX
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_DEPARTMENT: Blab
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_PRINCIPAL: userX
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_EMAIL: 
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_LAST_NAME: 
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_ID: c4f4d88c-e32f-4775-84e1-cded3b70f5f0
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_DISPLAY_NAME: 
2016-02-03 13:33:21 INFO    AAA_AUTHZ_PRINCIPAL_FIRST_NAME: 
2016-02-03 13:33:21 INFO      --- Begin GroupRecord ---
2016-02-03 13:33:21 INFO      AAA_AUTHZ_GROUP_ID: 8db68768-39d4-4c86-831e-f97cad1f4702
2016-02-03 13:33:21 INFO      AAA_AUTHZ_GROUP_DISPLAY_NAME: 
2016-02-03 13:33:21 INFO      AAA_AUTHZ_GROUP_NAMESPACE: *
2016-02-03 13:33:21 INFO      AAA_AUTHZ_GROUP_NAME: groupA
2016-02-03 13:33:21 INFO      AAA_JDBC_GROUP_DESCRIPTION: 
2016-02-03 13:33:21 INFO      --- End   GroupRecord ---
2016-02-03 13:33:21 INFO    --- End   PrincipalRecord ---

Expected results:
See also groupB.

Additional info:

Comment 1 Martin Perina 2016-04-15 16:51:54 UTC

Fix is contained in ovirt-engine-extension-aaa-jdbc-1.0.7-1

Comment 2 Gonza 2016-05-12 11:31:21 UTC

Verified with:
ovirt-engine-extension-aaa-jdbc-1.0.7-2.el6ev.noarch

2016-05-10 15:09:41 INFO    --- Begin PrincipalRecord ---
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_EMAIL: 
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_LAST_NAME: 
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_PRINCIPAL: userX
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_NAME: userX
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_TITLE: 
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_DISPLAY_NAME: 
2016-05-10 15:09:41 INFO    AAA_JDBC_USER_DESCRIPTION: 
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_ID: af284405-1871-4ae4-bdec-155da0d187fb
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_DEPARTMENT: 
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_FIRST_NAME: 
2016-05-10 15:09:41 INFO    AAA_AUTHZ_PRINCIPAL_NAMESPACE: *
2016-05-10 15:09:41 INFO      --- Begin GroupRecord ---
2016-05-10 15:09:41 INFO      AAA_AUTHZ_GROUP_NAME: groupA
2016-05-10 15:09:41 INFO      AAA_JDBC_GROUP_DESCRIPTION: 
2016-05-10 15:09:41 INFO      AAA_AUTHZ_GROUP_ID: 389ab2ea-c8a7-47ad-8864-702cbeabd00c
2016-05-10 15:09:41 INFO      AAA_AUTHZ_GROUP_DISPLAY_NAME: 
2016-05-10 15:09:41 INFO      AAA_AUTHZ_GROUP_NAMESPACE: *
2016-05-10 15:09:41 INFO        --- Begin GroupRecord ---
2016-05-10 15:09:41 INFO        AAA_AUTHZ_GROUP_NAME: groupB
2016-05-10 15:09:41 INFO        AAA_JDBC_GROUP_DESCRIPTION: 
2016-05-10 15:09:41 INFO        AAA_AUTHZ_GROUP_ID: a4957cf2-9fc1-480f-8d9b-f1735879c31b
2016-05-10 15:09:41 INFO        AAA_AUTHZ_GROUP_DISPLAY_NAME: 
2016-05-10 15:09:41 INFO        AAA_AUTHZ_GROUP_NAMESPACE: *
2016-05-10 15:09:41 INFO        --- End   GroupRecord ---
2016-05-10 15:09:41 INFO      --- End   GroupRecord ---
2016-05-10 15:09:41 INFO    --- End   PrincipalRecord ---

Note You need to log in before you can comment on or make changes to this bug.