Bug 1426742 - Cannot query most auditable_types in API
Summary: Cannot query most auditable_types in API
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Audit Log
Version: 6.2.7
Hardware: Unspecified
OS: Unspecified
high
high vote
Target Milestone: Unspecified
Assignee: Tomas Strachota
QA Contact: Katello QA List
URL:
Whiteboard:
Keywords: Triaged
: 1435006 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-24 17:55 UTC by Paul Dudley
Modified: 2019-04-01 20:27 UTC (History)
9 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2018-02-21 17:04:23 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 18690 None None None 2017-02-27 11:10 UTC
Red Hat Bugzilla 1406175 None None None Never
Red Hat Bugzilla 1492668 None None None Never
Red Hat Bugzilla 1492696 None None None Never

Internal Trackers: 1406175 1492668 1492696

Description Paul Dudley 2017-02-24 17:55:16 UTC
When a user edits an authentication source and audit record such as this is generated:

{
  "user_id": 3,
  "user_type": null,
  "user_name": "admin",
  "version": 1,
  "comment": null,
  "associated_id": null,
  "associated_type": null,
  "remote_address": "192.168.0.0",
  "associated_name": null,
  "created_at": "2016-11-30 15:41:19 UTC",
  "id": 12417,
  "auditable_id": 3,
  "auditable_name": "LDAP-GBL-AD",
  "auditable_type": "AuthSource",
  "action": "create",
  "audited_changes": {
    "name": "GBL-AD",
    "host": <hostname>,
    "port": 389,
    "account": null,
    "account_password": null,
    "base_dn": null,
    "attr_login": "sAMAccountName",
    "attr_firstname": "givenName",
    "attr_lastname": "sn",
    "attr_mail": "userPrincipalName",
    "onthefly_register": true,
    "tls": false,
    "ldap_filter": null,
    "attr_photo": null,
    "server_type": "posix",
    "groups_base": null,
    "usergroup_sync": false
  }
}

And the audit event with is recorded with auditable_type = AuthSource. However, this fails:
https://satellite.example.com/api/v2/audits/?search=name=AuthSource

With this (by name):
  "error": {"message":"Field 'name' not recognized for searching!","class":"ScopedSearch::QueryNotSupported"}

But when you query by type:
  "error": {"message":"'auditable_type' should be one of 'host, parameter, architecture, puppetclass, os, hostgroup, template', but the query was 'AuthSource'","class":"ScopedSearch::QueryNotSupported"}

From audit logs the available types seem to be:
            "auditable_type": "AuthSource",
            "auditable_type": "ComputeAttribute",
            "auditable_type": "ComputeProfile",
            "auditable_type": "ComputeResource",
            "auditable_type": "Domain",
            "auditable_type": "HostClass",
            "auditable_type": "HostgroupClass",
            "auditable_type": "Katello::System",
            "auditable_type": "Location",
            "auditable_type": "LookupKey",
            "auditable_type": "LookupValue",
            "auditable_type": "Medium",
            "auditable_type": "Organization",
            "auditable_type": "Ptable",
            "auditable_type": "Role",
            "auditable_type": "Setting",
            "auditable_type": "SmartProxy",
            "auditable_type": "Subnet",
            "auditable_type": "User",
            "auditable_type": "Usergroup",

We would expect these types to be able to be queried as well as the types that already exist.

Comment 1 Tomas Strachota 2017-02-27 11:10:57 UTC
Created redmine issue http://projects.theforeman.org/issues/18690 from this bug

Comment 4 pm-sat@redhat.com 2017-03-08 09:02:57 UTC
Upstream bug assigned to tstrachota@redhat.com

Comment 5 pm-sat@redhat.com 2017-03-08 09:03:01 UTC
Upstream bug assigned to tstrachota@redhat.com

Comment 6 pm-sat@redhat.com 2017-03-08 19:02:57 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/18690 has been resolved.

Comment 7 Stephen Benjamin 2017-03-30 16:49:11 UTC
*** Bug 1435006 has been marked as a duplicate of this bug. ***

Comment 8 Oleksandr Shtaier 2017-09-20 11:30:18 UTC
Verified on latest 6.3. Seems that changing approach to scoped search added all entities requested.

We will have automation script that will check every entity, but few random results:

Auth_source:
Making HTTP GET request to https://server/api/v2/audits with options {'verify': False, 'data': '{"search": "type=auth_source"}', 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}}, no params and no data.
Received HTTP 200 response: {
  "total": 540,
  "subtotal": 15,
  "page": 1,
  "per_page": 20,
  "search": "type=auth_source",
  "sort": {
    "by": null,
    "order": null
  },
  "results": [{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 11:11:56 UTC","id":541,"auditable_id":17,"auditable_name":"LDAP-wCILIvTjhPxArINNMHRzcAOrPewdthcMlfRpTUXjdJfwQJtBusLqK","auditable_type":"AuthSource","action":"create","audited_changes":{"name":"wCILIvTjhPxArINNMHRzcAOrPewdthcMlfRpTUXjdJfwQJtBusLqK","host":"aYDxegWfTYMFVB","port":389,"account":null,"account_password":null,"base_dn":null,"attr_login":null,"attr_firstname":null,"attr_lastname":null,"attr_mail":null,"onthefly_register":false,"tls":false,"ldap_filter":null,"attr_photo":null,"server_type":"posix","groups_base":null,"usergroup_sync":true}},{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 09:54:16 UTC","id":476,"auditable_id":16,"auditable_name":"LDAP-EvwTuYIFmNQoKbbXUbpnVRpjGOSRGjLAwTCpiyUsvkHPXRPufFoNrA","auditable_type":"AuthSource","action":"create","audited_changes":{"name":"EvwTuYIFmNQoKbbXUbpnVRpjGOSRGjLAwTCpiyUsvkHPXRPufFoNrA","host":"pkOIwYLHQexrLwnvHmXcllyrolxjHffHwXbpqVqUrAovbguXSlTUb","port":389,"account":null,"account_password":null,"base_dn":null,"attr_login":null,"attr_firstname":null,"attr_lastname":null,"attr_mail":null,"onthefly_register":false,"tls":false,"ldap_filter":null,"attr_photo":null,"server_type":"posix","groups_base":null,"usergroup_sync":true}},{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 09:45:21 UTC","id":448,"auditable_id":15,"auditable_name":"LDAP-gyLdNyfwVUnCuwNoDRervyJAGdRLkAqvvhZDTKL","auditable_type":"AuthSource","action":"create","audited_changes":{"name":"gyLdNyfwVUnCuwNoDRervyJAGdRLkAqvvhZDTKL","host":"XBSpwNLwKpUwhROFBzGQ","port":389,"account":null,"account_password":null,"base_dn":null,"attr_login":null,"attr_firstname":null,"attr_lastname":null,"attr_mail":null,"onthefly_register":false,"tls":false,"ldap_filter":null,"attr_photo":null,"server_type":"posix","groups_base":null,"usergroup_sync":true}},
...

Locations:
Making HTTP GET request to https://server/api/v2/audits with options {'verify': False, 'data': '{"search": "type=location"}', 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}}, no params and no data.
Received HTTP 200 response: {
  "total": 557,
  "subtotal": 37,
  "page": 1,
  "per_page": 20,
  "search": "type=location",
  "sort": {
    "by": null,
    "order": null
  },
  "results": [{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 11:12:31 UTC","id":558,"auditable_id":62,"auditable_name":"kPALyodDhTS","auditable_type":"Location","action":"create","audited_changes":{"name":"kPALyodDhTS","ignore_types":["ProvisioningTemplate","Hostgroup"],"description":null,"label":null,"ancestry":null}},
...

Subnets:
Making HTTP GET request to https://server/api/v2/audits with options {'verify': False, 'data': '{"search": "type=subnet"}', 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}}, no params and no data.
Received HTTP 200 response: {
  "total": 563,
  "subtotal": 21,
  "page": 1,
  "per_page": 20,
  "search": "type=subnet",
  "sort": {
    "by": null,
    "order": null
  },
  "results": [{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 11:12:52 UTC","id":564,"auditable_id":20,"auditable_name":"OFhZVYLaNj (78.30.28.99/24)","auditable_type":"Subnet","action":"create","audited_changes":{"network":"78.30.28.99","mask":"255.255.255.0","priority":null,"name":"OFhZVYLaNj","vlanid":null,"dhcp_id":null,"tftp_id":null,"gateway":null,"dns_primary":null,"dns_secondary":null,"from":null,"to":null,"dns_id":null,"boot_mode":"DHCP","ipam":"None","discovery_id":null}},{"user_id":3,"user_type":null,"user_name":"admin","version":1,"comment":null,"associated_id":null,"associated_type":null,"remote_address":"10.36.116.84","associated_name":null,"created_at":"2017-09-20 09:55:11 UTC","id":499,"auditable_id":19,"auditable_name":"SUTRpE (23.246.161.152/29)","auditable_type":"Subnet","action":"create","audited_changes":{"network":"23.246.161.152","mask":"255.255.255.248","priority":null,"name":"SUTRpE","vlanid":null,"dhcp_id":null,"tftp_id":null,"gateway":null,"dns_primary":null,"dns_secondary":null,"from":null,"to":null,"dns_id":null,"boot_mode":"DHCP","ipam":"None","discovery_id":null}},

Comment 10 Oleksandr Shtaier 2017-09-20 11:47:01 UTC
Probably related to regression in:
https://bugzilla.redhat.com/show_bug.cgi?id=1492668
https://bugzilla.redhat.com/show_bug.cgi?id=1492696

Comment 11 Bryan Kearney 2018-02-21 17:04:23 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336


Note You need to log in before you can comment on or make changes to this bug.