Red Hat Bugzilla – Bug 1411368
Tag Visibility - Container builds should honor tag visibility
Last modified: 2017-05-08 06:37:17 EDT
New commit detected on ManageIQ/manageiq/euwe: https://github.com/ManageIQ/manageiq/commit/de313d014f9486cd60faee9aa23102c4afa27dd2 commit de313d014f9486cd60faee9aa23102c4afa27dd2 Author: Milan Zázrivec <mzazrivec@redhat.com> AuthorDate: Fri Nov 25 15:34:18 2016 +0100 Commit: Satoe Imaishi <simaishi@redhat.com> CommitDate: Mon Jan 9 10:00:16 2017 -0500 Merge pull request #12839 from nimrodshn/bug_1379951_fix Added 'ContainerBuilds' to RBAC filterer to fix bug 1379951 (cherry picked from commit 1db26439e12b0951e9564d5a39ec2a39b648419a) https://bugzilla.redhat.com/show_bug.cgi?id=1411368 lib/rbac/filterer.rb | 1 + 1 file changed, 1 insertion(+)
tested on cfme-5.7.1.0-2.el7cf.x86_64 deployed on openshift 3.4 Failed QE. Steps taken to reproduce: 1. deploy cfme pod on openshift 3.4 2. add the openshift 3.4 as a provider in the cfme pod 3. create a container-build in openshift 3.4 and make sure it can be seen in the UI 4. in cfme UI -> configure -> access control 5. create a role - limit view to compute:containers 6. create a new group -> assign a filter under company tags (I added location = NY) 7. create a user -> add it to the group you created above. 8. in the container lined to the container-build that you created in step #3 -> assign the same tag you added to the group (again, in my case it was location: NY). login as the user -> you still cannot see container-build's which means the tag on the container is not carried on to the build.
Hi Dafna, In Step-1, "Manage a Container" means "adding a container provider". So, in the above scenario, I have not added any tag to the container provider so far, which means the newly created user should not be able to see the container provider. It should be only visible only when a tag is added to the container provider. Thanks, Ramesh
Thanks Ramesh for clarifying the bug to me. I am moving this to verified since indeed we can only see the container-build when it is tagged specifically with the tag filter I set in the group. verified on cfme-5.7.1.0-2.el7cf.x86_64
Sorry for the typo error in the above comment#10, in the above statement I was trying to mention about the container builds. so, I am re-writing the statement here again "So, in the above scenario, I have not added any tag to the container builds so far, which means the newly created user should not be able to see the container builds. It should be only visible only when a tag is added to the container builds."
Sorry for the typo error in the above comment#6, in the above statement I was trying to mention about the container builds. so, I am re-writing the statement here again "So, in the above scenario, I have not added any tag to the container builds so far, which means the newly created user should not be able to see the container builds. It should be only visible only when a tag is added to the container builds."
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2017-0320.html