Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1411368 - Tag Visibility - Container builds should honor tag visibility
Summary: Tag Visibility - Container builds should honor tag visibility
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.6.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: GA
: 5.7.1
Assignee: Nimrod Shneor
QA Contact: Dafna Ron
URL:
Whiteboard: ui:tag:container
Depends On: 1379951
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-09 14:59 UTC by Satoe Imaishi
Modified: 2017-05-08 10:37 UTC (History)
9 users (show)

Fixed In Version: 5.7.1.0
Doc Type: Enhancement
Doc Text:
Clone Of: 1379951
Environment:
Last Closed: 2017-02-27 19:18:21 UTC
Category: ---
Cloudforms Team: Container Management
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0320 0 normal SHIPPED_LIVE Moderate: CFME 5.7.1 bug fixes and enhancement update 2017-02-28 00:13:26 UTC

Comment 2 CFME Bot 2017-01-09 15:05:59 UTC
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/de313d014f9486cd60faee9aa23102c4afa27dd2

commit de313d014f9486cd60faee9aa23102c4afa27dd2
Author:     Milan Zázrivec <mzazrivec@redhat.com>
AuthorDate: Fri Nov 25 15:34:18 2016 +0100
Commit:     Satoe Imaishi <simaishi@redhat.com>
CommitDate: Mon Jan 9 10:00:16 2017 -0500

    Merge pull request #12839 from nimrodshn/bug_1379951_fix
    
    Added 'ContainerBuilds' to RBAC filterer to fix bug 1379951
    (cherry picked from commit 1db26439e12b0951e9564d5a39ec2a39b648419a)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1411368

 lib/rbac/filterer.rb | 1 +
 1 file changed, 1 insertion(+)

Comment 3 Dafna Ron 2017-01-31 13:07:33 UTC
tested on cfme-5.7.1.0-2.el7cf.x86_64 deployed on openshift 3.4

Failed QE. 
Steps taken to reproduce: 

1. deploy cfme pod on openshift 3.4
2. add the openshift 3.4 as a provider in the cfme pod 
3. create a container-build in openshift 3.4 and make sure it can be seen in the UI
4. in cfme UI -> configure -> access control 
5. create a role - limit view to compute:containers
6. create a new group -> assign a filter under company tags (I added location = NY) 
7. create a user -> add it to the group you created above. 
8. in the container lined to the container-build that you created in step #3 -> assign the same tag you added to the group (again, in my case it was location: NY). 

login as the user -> you still cannot see container-build's which means the tag on the container is not carried on to the build.

Comment 6 Ramesh A 2017-01-31 14:23:52 UTC
Hi Dafna,

In Step-1, "Manage a Container" means "adding a container provider".

So, in the above scenario, I have not added any tag to the container provider so far, which means the newly created user should not be able to see the container provider.  

It should be only visible only when a tag is added to the container provider.


Thanks,
Ramesh

Comment 7 Dafna Ron 2017-01-31 15:09:39 UTC
Thanks Ramesh for clarifying the bug to me. 
I am moving this to verified since indeed we can only see the container-build when it is tagged specifically with the tag filter I set in the group. 

verified on cfme-5.7.1.0-2.el7cf.x86_64

Comment 8 Ramesh A 2017-01-31 15:15:34 UTC
Sorry for the typo error in the above comment#10, in the above statement I was trying to mention about the container builds. so, I am re-writing the statement here again

"So, in the above scenario, I have not added any tag to the container builds so far, which means the newly created user should not be able to see the container builds.  

It should be only visible only when a tag is added to the container builds."

Comment 9 Ramesh A 2017-01-31 15:17:28 UTC
Sorry for the typo error in the above comment#6, in the above statement I was trying to mention about the container builds. so, I am re-writing the statement here again

"So, in the above scenario, I have not added any tag to the container builds so far, which means the newly created user should not be able to see the container builds.  

It should be only visible only when a tag is added to the container builds."

Comment 11 errata-xmlrpc 2017-02-27 19:18:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0320.html


Note You need to log in before you can comment on or make changes to this bug.