1425977 – Filter modification on roles is not audited

Bug 1425977 - Filter modification on roles is not audited

Summary: Filter modification on roles is not audited

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Audit Log
Sub Component:
Version:	6.2.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	Unspecified
Assignee:	Tomer Brisker
QA Contact:	Nikhil Kathole
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1479962
TreeView+	depends on / blocked

Reported:	2017-02-22 23:07 UTC by Christian Marineau
Modified:	2021-06-10 11:58 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-21 16:54:17 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Audit log showing update (1.73 MB, application/octet-stream) 2017-10-23 08:03 UTC, Nikhil Kathole	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	20470	0	None	None	None	2017-08-01 08:11:18 UTC

Description Christian Marineau 2017-02-22 23:07:14 UTC

Description of problem:
If we create, delete or rename a role, it is creating an audit entry, but when we add or remove a filter, it does not appear in audits.

Version-Release number of selected component (if applicable):
6.2.7

How reproducible:
100%

Steps to Reproduce:
1. Create a new role: Administer > Roles
2. Click on "New role"
3. For this example, I am creating a role called: bug_test_role
4. Click Submit
5. Under Monitor > Audits
   We can see a new entry
     Ex: Admin (192.168.1.1) created Role: bug_test_role 
6. Go back to Administer > Roles
7. Click on bug_test_role to edit the role
8. Add 1 or more filter to that role
9, Under Monitor > Audits
   No new entry is created for the Filter added to the role

Actual results:
No audit entry is created.

Expected results:
Have a "update" entry for the role indicating what filter were added or removed

Additional info:
More details on the audit logs from the api
Check the audits logs from the API
# curl -X GET -s -k -u admin:changeme https://satellite.domain.com/api/v2/audits | jq .results[] | jq 'select(.auditable_name=="bug_test_role")'

Comment 2 Andrew Schofield 2017-03-16 20:54:46 UTC

Can we push this please - the BZ hasn't shifted in a while.

Comment 3 Tomer Brisker 2017-08-01 08:11:14 UTC

Created redmine issue http://projects.theforeman.org/issues/20470 from this bug

Comment 4 Satellite Program 2017-08-01 10:00:46 UTC

Upstream bug assigned to tbrisker

Comment 5 Satellite Program 2017-08-01 10:00:50 UTC

Upstream bug assigned to tbrisker

Comment 7 Satellite Program 2017-09-15 18:00:47 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20470 has been resolved.

Comment 9 Nikhil Kathole 2017-10-23 08:02:39 UTC

VERIFIED

Version Tested:
Satellite-6.3 Snap 21

steps:

1. Created new role
2. Checked for entry in audit log
3. Added filter
4. Checked Update entry in audit log
5. Removed filter
6. Checked entry in audit log

Successfully found entry in audit log for update indicating roles added and removed.

Comment 10 Nikhil Kathole 2017-10-23 08:03:31 UTC

Created attachment 1342038 [details]
Audit log showing update

Comment 12 Satellite Program 2018-02-21 16:54:17 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> 
> For information on the advisory, and where to find the updated files, follow the link below.
> 
> If the solution does not work for you, open a new bug report.
> 
> https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.