Bug 1432716
| Summary: | Regression: Upgrade to 6.2.8 breaks Dashboard for SSO users | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Paul Armstrong <parmstro> | ||||
| Component: | Dashboard | Assignee: | satellite6-bugs <satellite6-bugs> | ||||
| Status: | CLOSED WORKSFORME | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 6.2.8 | CC: | bbuckingham, jcallaha, mhulan, parmstro, sgraessl, tbrisker | ||||
| Target Milestone: | Unspecified | Keywords: | Triaged | ||||
| Target Release: | Unused | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-05-11 19:33:56 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Paul Armstrong
2017-03-16 02:04:10 UTC
In researching another issue, https://bugzilla.redhat.com/show_bug.cgi?id=1368212 I noticed that for some reason my IdM user that gets created no longer has admin privilege in table 'users'. external group admins in IdM is mapped to the admins group in Satellite. When I try to refresh that group, I get an error "unable to refresh external group" If I kdestroy, then log in as the admin user. I can see the login for my idm user. When I delete it, it is cleaned up from the users table appropriately. Then if I kinit and the go to the base Satellite URL, the new user is created in the users table with a new id. I am logged on successfully. The new user shows up in the Users list in the WebAPI and Administrator is ticked. NOTE: that admin = f in the users table for the newly created user. I can log out and then log back in again no problem. I can kdestroy, then kinit and visit the Satellite base URL or simply click log back in. All seems to work as expected. And I no longer see the "permission denied" message. ****HOWEVER**** If I modify my profile to select the Default Org or Location on login and save it (successfully). Then log out and try to log back in. I get the issue stated in the BZ above (1368212) and then on successfully logging back in by visiting the base URL I get the permission denied error. Selecting my account to try to edit the Defaults ends up giving me a "user not found" error. In visiting the users administration page, the IdM user is not listed. foreman=# select * from users where id=8; id | login | firstname | lastname | mail | admin | last_login_on | auth_source_id | created_at | updated_at | password_hash | password_salt | locale | avatar_hash | default_organization_id | default_location_id | lower_login | mail_enabled | timezone ----+----------+-----------+-----------+------------------------+-------+----------------------------+----------------+----------------------------+---------------------------+ ---------------+---------------+--------+-------------+-------------------------+---------------------+-------------+--------------+---------- 8 | parmstro | Paul | Armstrong | parmstro | f | 2017-03-20 19:58:15.609475 | 4 | 2017-03-20 19:58:15.504356 | 2017-03-20 20:05:39.15123 | | | | | 3 | 4 | parmstro | t | (1 row) Now logging in as admin user and selecting Any/Any context. I see the user.
No locations are selected, that is probably why we can't see the user when logged in.
The admin role is not selected...
and checking the external group mappings trying to refresh the admins mapping
"Warning: External user group admins could not be refreshed"
loggers -> sql debug
production.log
2017-03-20 16:22:04 [sql] [D] (0.4ms) SELECT "katello_events"."object_id" FROM "katello_events" WHERE "katello_events"."in_progress" = 'f' ORDER BY "katello_events"."created_at" ASC LIMIT 1
2017-03-20 16:22:04 [sql] [D] (0.4ms) SELECT "katello_events"."event_type" FROM "katello_events" WHERE "katello_events"."in_progress" = 'f' ORDER BY "katello_events"."created_at" ASC LIMIT 1
2017-03-20 16:22:04 [sql] [D] Katello::Event Load (0.3ms) SELECT "katello_events".* FROM "katello_events" WHERE "katello_events"."in_progress" = 'f' AND 1=0 AND 1=0 ORDER BY "katello_events"."created_at" DESC LIMIT 1
2017-03-20 16:22:04 [sql] [D] SQL (0.5ms) UPDATE "katello_events" SET "in_progress" = 't' WHERE "katello_events"."id" IN (SELECT "katello_events"."id" FROM "katello_events" WHERE "katello_events"."in_progress" = 'f' AND 1=0 AND 1=0 ORDER BY "katello_events"."created_at" ASC)
2017-03-20 16:22:04 [app] [I] Started PUT "/external_usergroups/admins/refresh" for 192.168.252.131 at 2017-03-20 16:22:04 -0400
2017-03-20 16:22:04 [app] [I] Processing by ExternalUsergroupsController#refresh as HTML
2017-03-20 16:22:04 [app] [I] Parameters: {"authenticity_token"=>"/HSU3qoj47rbhvBrT8xHYewFRb3LNEy4oEFX5/ZPrQc=", "id"=>"admins"}
2017-03-20 16:22:04 [sql] [D] ActiveRecord::SessionStore::Session Load (0.6ms) SELECT "sessions".* FROM "sessions" WHERE "sessions"."session_id" = 'c920069c22a1926222518fe9675c5149' ORDER BY "sessions"."id" ASC LIMIT 1
2017-03-20 16:22:04 [sql] [D] User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 3]]
2017-03-20 16:22:04 [sql] [D] (0.5ms) SELECT COUNT(*) FROM "taxonomies" WHERE "taxonomies"."type" IN ('Organization')
2017-03-20 16:22:04 [sql] [D] (0.3ms) SELECT COUNT(*) FROM "taxonomies" WHERE "taxonomies"."type" IN ('Location')
2017-03-20 16:22:04 [sql] [D] AuthSource Load (0.2ms) SELECT "auth_sources".* FROM "auth_sources" WHERE "auth_sources"."id" = $1 LIMIT 1 [["id", 1]]
2017-03-20 16:22:04 [sql] [D] (0.3ms) SELECT "taxonomies"."id" FROM "taxonomies" WHERE "taxonomies"."type" IN ('Location') LIMIT 1
2017-03-20 16:22:04 [sql] [D] (0.4ms) SELECT "taxonomies"."id" FROM "taxonomies" WHERE "taxonomies"."type" IN ('Organization') LIMIT 1
2017-03-20 16:22:04 [sql] [D] (0.5ms) SELECT COUNT(*) FROM "external_usergroups"
2017-03-20 16:22:04 [sql] [D] ExternalUsergroup Load (0.5ms) SELECT "external_usergroups".* FROM "external_usergroups" WHERE "external_usergroups"."id" = 0 LIMIT 1
2017-03-20 16:22:04 [sql] [D] ExternalUsergroup Load (0.5ms) SELECT "external_usergroups".* FROM "external_usergroups" WHERE "external_usergroups"."name" = 'admins' ORDER BY "external_usergroups"."id" ASC LIMIT 1
2017-03-20 16:22:04 [sql] [D] AuthSource Load (0.3ms) SELECT "auth_sources".* FROM "auth_sources" WHERE "auth_sources"."id" = $1 LIMIT 1 [["id", 4]]
2017-03-20 16:22:04 [app] [I] Redirected to https://sat6.parmstrong.ca/usergroups
2017-03-20 16:22:04 [app] [I] Completed 302 Found in 21ms (ActiveRecord: 4.4ms)
2017-03-20 16:22:04 [sql] [D] (0.2ms) BEGIN
2017-03-20 16:22:04 [sql] [D] SQL (0.2ms) UPDATE "sessions" SET "data" = $1, "updated_at" = $2 WHERE "sessions"."id" = 1064323 [["data", "BAh7D0kiD3Nzb19tZXRob2QGOgZFRkkiF1NTTzo6Rm9ybUludGVyY2VwdAY7\nAEZJIgl1c2VyBjsARmkISSIPZXhwaXJlc19hdAY7AEZsKwdsi9FYSSILbG9j\nYWxlBjsARiIHZW5JIhBfY3NyZl90b2tlbgY7AEZJIjEvSFNVM3FvajQ3cmJo\ndkJyVDh4SFlld0ZSYjNMTkV5NG9FRlg1L1pQclFjPQY7AEZJIiJyZWRpcmVj\ndF90b191cmxfb3JnYW5pemF0aW9ucwY7AFQiJWh0dHBzOi8vc2F0Ni5wYXJt\nc3Ryb25nLmNhL3VzZXJzSSIecmVkaXJlY3RfdG9fdXJsX2xvY2F0aW9ucwY7\nAFQiJWh0dHBzOi8vc2F0Ni5wYXJtc3Ryb25nLmNhL3VzZXJzSSIacmVkaXJl\nY3RfdG9fdXJsX3VzZXJzBjsAVCIlaHR0cHM6Ly9zYXQ2LnBhcm1zdHJvbmcu\nY2EvdXNlcnNJIh9yZWRpcmVjdF90b191cmxfdXNlcmdyb3VwcwY7AFQiKmh0\ndHBzOi8vc2F0Ni5wYXJtc3Ryb25nLmNhL3VzZXJncm91cHNJIgpmbGFzaAY7\nAFR7B0kiDGRpc2NhcmQGOwBUWwBJIgxmbGFzaGVzBjsAVHsGSSIMd2Fybmlu\nZwY7AEZJIjZFeHRlcm5hbCB1c2VyIGdyb3VwIGFkbWlucyBjb3VsZCBub3Qg\nYmUgcmVmcmVzaGVkBjsAVA==\n"], ["updated_at", "2017-03-20 20:22:04.702380"]]
2017-03-20 16:22:04 [sql] [D] (4.7ms) COMMIT
2017-03-20 16:22:04 [app] [I] Started GET "/usergroups" for 192.168.252.131 at 2017-03-20 16:22:04 -0400
2017-03-20 16:22:04 [app] [I] Processing by UsergroupsController#index as HTML
2017-03-20 16:22:04 [sql] [D] ActiveRecord::SessionStore::Session Load (0.9ms) SELECT "sessions".* FROM "sessions" WHERE "sessions"."session_id" = 'c920069c22a1926222518fe9675c5149' ORDER BY "sessions"."id" ASC LIMIT 1
2017-03-20 16:22:04 [sql] [D] User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 3]]
2017-03-20 16:22:04 [sql] [D] (0.4ms) SELECT COUNT(*) FROM "taxonomies" WHERE "taxonomies"."type" IN ('Organization')
2017-03-20 16:22:04 [sql] [D] (0.3ms) SELECT COUNT(*) FROM "taxonomies" WHERE "taxonomies"."type" IN ('Location')
2017-03-20 16:22:04 [sql] [D] AuthSource Load (0.3ms) SELECT "auth_sources".* FROM "auth_sources" WHERE "auth_sources"."id" = $1 LIMIT 1 [["id", 1]]
2017-03-20 16:22:04 [sql] [D] (0.3ms) SELECT "taxonomies"."id" FROM "taxonomies" WHERE "taxonomies"."type" IN ('Location') LIMIT 1
2017-03-20 16:22:04 [sql] [D] (0.3ms) SELECT "taxonomies"."id" FROM "taxonomies" WHERE "taxonomies"."type" IN ('Organization') LIMIT 1
2017-03-20 16:22:04 [sql] [D] Usergroup Load (0.3ms) SELECT "usergroups".* FROM "usergroups" ORDER BY usergroups.name LIMIT 1
2017-03-20 16:22:04 [sql] [D] Usergroup Load (0.4ms) SELECT "usergroups".* FROM "usergroups" ORDER BY usergroups.name LIMIT 100 OFFSET 0
2017-03-20 16:22:04 [sql] [D] UsergroupMember Load (0.4ms) SELECT "usergroup_members".* FROM "usergroup_members" WHERE "usergroup_members"."member_type" = 'Usergroup' AND "usergroup_members"."usergroup_id" IN (1, 3, 2)
2017-03-20 16:22:04 [sql] [D] (0.4ms) SELECT auth_sources.id FROM "auth_sources" WHERE "auth_sources"."type" IN ('AuthSourceHidden')
2017-03-20 16:22:04 [sql] [D] User Load (0.4ms) SELECT "users".* FROM "users" INNER JOIN "usergroup_members" ON "users"."id" = "usergroup_members"."member_id" WHERE "usergroup_members"."usergroup_id" = $1 AND "usergroup_members"."member_type" = 'User' AND ("users"."auth_source_id" NOT IN (2)) ORDER BY firstname [["usergroup_id", 1]]
2017-03-20 16:22:04 [sql] [D] CACHE (0.0ms) SELECT auth_sources.id FROM "auth_sources" WHERE "auth_sources"."type" IN ('AuthSourceHidden')
2017-03-20 16:22:04 [sql] [D] User Load (0.7ms) SELECT "users".* FROM "users" INNER JOIN "usergroup_members" ON "users"."id" = "usergroup_members"."member_id" WHERE "usergroup_members"."usergroup_id" = $1 AND "usergroup_members"."member_type" = 'User' AND ("users"."auth_source_id" NOT IN (2)) ORDER BY firstname [["usergroup_id", 3]]
2017-03-20 16:22:04 [sql] [D] CACHE (0.0ms) SELECT auth_sources.id FROM "auth_sources" WHERE "auth_sources"."type" IN ('AuthSourceHidden')
2017-03-20 16:22:04 [sql] [D] User Load (0.5ms) SELECT "users".* FROM "users" INNER JOIN "usergroup_members" ON "users"."id" = "usergroup_members"."member_id" WHERE "usergroup_members"."usergroup_id" = $1 AND "usergroup_members"."member_type" = 'User' AND ("users"."auth_source_id" NOT IN (2)) ORDER BY firstname [["usergroup_id", 2]]
2017-03-20 16:22:04 [app] [I] Rendered usergroups/index.html.erb within layouts/application (24.5ms)
2017-03-20 16:22:04 [sql] [D] Bookmark Load (0.6ms) SELECT "bookmarks".* FROM "bookmarks" WHERE (((bookmarks.public = 't') OR (bookmarks.owner_id = 3 AND bookmarks.owner_type = 'User'))) AND (controller = 'usergroups') ORDER BY "bookmarks"."name" ASC
2017-03-20 16:22:04 [app] [I] Rendered common/_searchbar.html.erb (4.6ms)
2017-03-20 16:22:04 [app] [I] Rendered layouts/_application_content.html.erb (5.5ms)
2017-03-20 16:22:04 [app] [I] Rendered home/_submenu.html.erb (1.7ms)
2017-03-20 16:22:04 [app] [I] Rendered home/_user_dropdown.html.erb (2.0ms)
2017-03-20 16:22:04 [app] [I] Read fragment views/tabs_and_title_records-3 (0.2ms)
2017-03-20 16:22:04 [app] [I] Rendered home/_topbar.html.erb (5.6ms)
2017-03-20 16:22:04 [app] [I] Rendered layouts/base.html.erb (7.6ms)
2017-03-20 16:22:04 [app] [I] Completed 200 OK in 57ms (Views: 36.2ms | ActiveRecord: 6.5ms)
2017-03-20 16:22:04 [sql] [D] (0.1ms) BEGIN
2017-03-20 16:22:04 [sql] [D] SQL (0.3ms) UPDATE "sessions" SET "data" = $1, "updated_at" = $2 WHERE "sessions"."id" = 1064323 [["data", "BAh7DkkiD3Nzb19tZXRob2QGOgZFRkkiF1NTTzo6Rm9ybUludGVyY2VwdAY7\nAEZJIgl1c2VyBjsARmkISSIPZXhwaXJlc19hdAY7AEZsKwdsi9FYSSILbG9j\nYWxlBjsARiIHZW5JIhBfY3NyZl90b2tlbgY7AEZJIjEvSFNVM3FvajQ3cmJo\ndkJyVDh4SFlld0ZSYjNMTkV5NG9FRlg1L1pQclFjPQY7AEZJIiJyZWRpcmVj\ndF90b191cmxfb3JnYW5pemF0aW9ucwY7AFQiJWh0dHBzOi8vc2F0Ni5wYXJt\nc3Ryb25nLmNhL3VzZXJzSSIecmVkaXJlY3RfdG9fdXJsX2xvY2F0aW9ucwY7\nAFQiJWh0dHBzOi8vc2F0Ni5wYXJtc3Ryb25nLmNhL3VzZXJzSSIacmVkaXJl\nY3RfdG9fdXJsX3VzZXJzBjsAVCIlaHR0cHM6Ly9zYXQ2LnBhcm1zdHJvbmcu\nY2EvdXNlcnNJIgpmbGFzaAY7AFR7B0kiDGRpc2NhcmQGOwBUWwZJIgx3YXJu\naW5nBjsARkkiDGZsYXNoZXMGOwBUewZAGUkiNkV4dGVybmFsIHVzZXIgZ3Jv\ndXAgYWRtaW5zIGNvdWxkIG5vdCBiZSByZWZyZXNoZWQGOwBU\n"], ["updated_at", "2017-03-20 20:22:04.777244"]]
2017-03-20 16:22:04 [sql] [D] (2.0ms) COMMIT
2017-03-20 16:22:05 [foreman-tasks/dynflow] [D] Step ce89394d-b10e-4831-b18a-e5fbfb2ab3a0:84 got event Dynflow::Action::Polling::Poll
2017-03-20 16:22:05 [foreman-tasks/dynflow] [D] Step ce89394d-b10e-4831-b18a-e5fbfb2ab3a0:84 suspended >> running in phase Run Actions::Pulp::Consumer::SyncCapsule
2017-03-20 16:22:05 [sql] [D] SmartProxy Load (0.3ms) SELECT "smart_proxies".* FROM "smart_proxies" WHERE "smart_proxies"."id" = $1 ORDER BY smart_proxies.name LIMIT 1 [["id", 2]]
2017-03-20 16:22:05 [katello/pulp_rest] [D] RestClient.get "https://capsule.parmstrong.ca/pulp/api/v2/tasks/126cbdbf-6274-4803-b36b-5bd0d532b525/", "Accept"=>"*/*; q=0.5, application/xml", "Accept-Encoding"=>"gzip, deflate", "accept"=>"application/json", "content_type"=>"application/json"
| \n# => 200 OK | application/json 391 bytes
|
|