Bug 1421878 - API request is not returning expected result for LDAP user [NEEDINFO]
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: API
Version: 5.6.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: GA
Target Release: 5.9.0
Assigned To: Tim Wade
QA Contact: Martin Kourim
Whiteboard: auth:miqldap:ad:api
Depends On:
Blocks:
Reported: 2017-02-13 18:04 EST by myoder
Modified: 2018-03-01 08:09 EST
CC List: 7 users
See Also:
Fixed In Version: 5.9.0.1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-03-01 08:09:24 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: Bug
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core
myoder: needinfo? (twade)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0380 normal SHIPPED_LIVE Moderate: Red Hat CloudForms security, bug fix, and enhancement update 2018-03-01 13:37:12 EST

Description myoder 2017-02-13 18:04:42 EST
Description of problem:

When using the REST API as the local admin user, I can use this URL to retrieve the request.
https://hostname/api/requests/11000000007200

When using the REST API as an Active Directory user using this URL, I get a 404:
https://hostname/api/requests/11000000007200
404 Not Found

However, as the same Active Directory user, I can use this URL to get the same data returned:
https://hostname/api/provision_requests/11000000007200

I would expect both api/provision_requests and api/requests to behave the same way.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 Dave Johnson 2017-03-01 16:35:11 EST
Matt, could you retest this please in 5.6.4?
Comment 6 Tim Wade 2017-05-18 13:39:35 EDT
Matt,

Were you able to retest as per https://bugzilla.redhat.com/show_bug.cgi?id=1421878#c3 ?

It looks like there are a couple of things going on here:

1. In the requests API, we limit GETs to either the requester if they are not admin. We don't do this for provision requests, hence the inconsistency in results. IMO we should fix this, but it's a separate issue - fixing it would only make the core issue here more apparent.

2. In order to do (1), we ask the current user if they are admin. This must be returning true (as expected) if you are signing in locally, and returning false when using LDAP. If this is the case we need to address that, but it's not specifically an API issue.
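
The two behaviours described in comment 6, modelled as an added illustration (not ManageIQ code and not part of the original report). The class and method names, the account-name-based admin check as the cause, and the sample users are all assumptions; only the request id and the group name come from this page.

```ruby
# Illustrative model only; names are hypothetical, not ManageIQ's API code.
User = Struct.new(:userid, :groups) do
  # Assumed buggy check: true only for the built-in local account name.
  def admin_by_name?
    userid == "admin"
  end

  # Group-based check: works for any identity source mapped to the group.
  def admin_by_group?
    groups.include?("EvmGroup-super_administrator")
  end
end

Request = Struct.new(:id, :requester)

class RequestsApi
  def initialize(store, admin_check)
    @store = store
    @admin_check = admin_check
  end

  # /api/requests/:id -- non-admins see only their own requests, else 404.
  def get_request(user, id)
    req = @store[id]
    return 404 if req.nil?
    return 200 if user.public_send(@admin_check) || req.requester == user.userid
    404
  end

  # /api/provision_requests/:id -- no ownership filter (item 1 in comment 6).
  def get_provision_request(_user, id)
    @store.key?(id) ? 200 : 404
  end
end

# Returns [requests_status, provision_requests_status] for one user and id.
def statuses(api, user, id)
  [api.get_request(user, id), api.get_provision_request(user, id)]
end

# Constructed sample data; the requester and user names are made up.
REQ_ID = 11000000007200
STORE = { REQ_ID => Request.new(REQ_ID, "someone_else") }.freeze
LOCAL_ADMIN = User.new("admin", ["EvmGroup-super_administrator"])
LDAP_ADMIN  = User.new("jdoe@example.com", ["EvmGroup-super_administrator"])
LDAP_USER   = User.new("guest@example.com", ["EvmGroup-user"])

BUGGY = RequestsApi.new(STORE, :admin_by_name?)
FIXED = RequestsApi.new(STORE, :admin_by_group?)
```

With the group-based check the LDAP admin gets the same answer from both endpoints, while a non-admin LDAP user still sees the request through the unfiltered provision_requests path, which is the separate issue noted in item 1.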
Comment 7 Tim Wade 2017-05-18 14:15:48 EDT
Fixed in https://github.com/ManageIQ/manageiq/pull/15151

Matt, I have addressed (2) above, so cancelling needinfo request
Comment 9 Tim Wade 2017-05-19 11:01:19 EDT
Note: This will also require https://github.com/ManageIQ/manageiq/pull/15163 to fix, I'll move this to POST when that gets merged.
Comment 10 Martin Kourim 2017-10-24 11:57:36 EDT
Verified that the LDAP admin user (with EvmGroup-super_administrator group) can access both /api/requests and /api/provision_requests.
Comment 14 errata-xmlrpc 2018-03-01 08:09:24 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0380
