Description of problem: During RBAC Search we should only be dealing with VMDB objects and not with strings. When strings are passed they RBAC search we get the following error NoMethodError: undefined method `id' for "vm_0000000000002":String (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/rbac/filterer.rb:201:in `collect'622 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/rbac/filterer.rb:201:in `search '623 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/rbac/filterer.rb:112:in `search '624 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/rbac.rb:3:in `search'625 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/rbac/filterer.rb:280:in `filtered'626 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/rbac/filterer.rb:284:in `filtered_object' 627 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/rbac/filterer.rb:120:in `filtered_object'628 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/rbac.rb:7:in `filtered_object'629 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/miq_automation_engine/engine/mi q_ae_method_service/miq_ae_service_rbac.rb:34:in `filter_objects'630 (druby://127.0.0.1:55549) /Users/madhukanoor/devsrc/manageiq/lib/miq_automation_engine/engine/mi q_ae_method_service/miq_ae_service_model_base.rb:122:in `block (2 levels) in expose' Version-Release number of selected component (if applicable): 5.7 How reproducible: Every time Steps to Reproduce: 1. Create a new Automate Domain (e.g. TEST) that you can write to 2. Copy the System/Request class from ManageIQ to the new domain created in Step 1 3. In the System/Request class create a new instance called RBAC_TEST Set one of the method slots in the instance to call a method RBAC_TEST_SCRIPT 4. In the System/Request class create a new Method called RBAC_TEST_SCRIPT with the following data $evm.enable_rbac all_vms = $evm.vmdb('vm').all vm_list = {} all_vms.each do |item| vm_list[item.id] = item.name end 5. Navigate to Automate -> Simulation 6. Set the REQUEST to RBAC_TEST 7. And push the Submit button 8. This will cause the Automate Method to fail. 9. If you check the log you should see the RBAC error Actual results: Method fails Expected results: Method should not cause failure Additional info:
https://github.com/ManageIQ/manageiq/pull/14309
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/538f9826ff2ad1f0fd515febbf007fe08e45de91 commit 538f9826ff2ad1f0fd515febbf007fe08e45de91 Author: Madhu Kanoor <mkanoor> AuthorDate: Mon Mar 13 16:08:17 2017 -0400 Commit: Madhu Kanoor <mkanoor> CommitDate: Mon Mar 13 16:08:17 2017 -0400 RBAC filter only applies to associations https://bugzilla.redhat.com/show_bug.cgi?id=1431822 The RBAC filter was being applied to regular attributes like name etc. It only applies to associations which point to other VMDB objects. .../engine/miq_ae_method_service/miq_ae_service_model_base.rb | 2 +- .../engine/miq_ae_method_service/miq_ae_service_rbac_spec.rb | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-)
New commit detected on ManageIQ/manageiq/euwe: https://github.com/ManageIQ/manageiq/commit/b0073192e25d349aa5f4355c5d9c6a2ef8e327fb commit b0073192e25d349aa5f4355c5d9c6a2ef8e327fb Author: Madhu Kanoor <mkanoor> AuthorDate: Wed Mar 15 17:02:14 2017 -0400 Commit: Madhu Kanoor <mkanoor> CommitDate: Wed Mar 15 17:02:14 2017 -0400 RBAC filter only applies to associations and not attributes https://bugzilla.redhat.com/show_bug.cgi?id=1431822 For Euwe lib/miq_automation_engine/engine/miq_ae_service_model_base.rb | 2 +- .../engine/miq_ae_service/miq_ae_service_rbac_spec.rb | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)
Verified in 5.8.0.7. The method did not cause a failure.