Description of problem: Attempting to change LDAP/AD group in Self-service UI fails with the this production log error: ERROR -- : An unauthorized connection attempt was rejected ERROR -- : Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: WebSocket) Version-Release number of selected component (if applicable): 5.8.1.5 How reproducible: Steps to Reproduce: 1. Log in to SUI 2. Change group (via top right drop down) 3. Actual results: Change group fails (with production log error) Expected results: Change group successful. Additional info:
Changing groups doesn't happen instantly. If ya could, attempt a group change, then wait some arbitrary time, 3 minutes, and check the group again. Screen shots, or an ip of a machine would be helpful in trouble shooting this issue.
Every time I attempt a group change, the page re-renders fully but the group remains unchanged and the error above appears in the production log. The environment concerned, isn't accessible unfortunately.
Aww BUMMER, ok well websocket error is unrelated, the other might indicate the group you are trying to switch doesn't have roles with product features that support using the SUI.
Ok, I've done some more testing. It looks like the group is changing but the 'Change Group' menu doesn't update correctly to reflect the currently selected group. As such, it isn't possible to change back without logging out and back in again.
Going to make a gif of this, but changing the group is working correctly, if you're not seeing the menu update, not waiting enough time. Stand by for that gif thing...
Ok, I've waited 10 minutes and still no change.
A Pivotal Tracker story has been created for this Bug: https://www.pivotaltracker.com/story/show/150641732
Ok so we're gonna have to tag in some friends on the server team to help with this one. At the core, sui sets the `x-miq-group` header to the newly selected group and then reloads the dashboard, which refreshes the user. Not sure what the server is doing, but its something along the lines of looking for that updated header and then changing the user current group. It works sometimes, but other times not so much and other times, after switching the user current group from the SUI and logging into classic yields "The ManageIQ Server is still starting. If this message persists, please contact your ManageIQ administrator." with no console or network output to indicate what might be up.
Created attachment 1319707 [details] Error seen when setting group in sui then trying to log into classic
Allen added a comment in Pivotal Tracker: when updating group via api, the follow error is thrown :sad_face: continuing to work this issue from the approach of "hey lets do a little bit more than update the session headers and wait for miq server to notice"
Need support figuring out how to make the api happy: url: POST http://localhost:3001/api/users/10000000000001 body: {"action": "edit", "resource": {"group": {"name": "10000000000002"}}} seeing: { "error": { "kind": "bad_request", "message": "Cannot update attributes other than password, email, settings for the authenticated user", "klass": "Api::BadRequestError" } } User is making POST to modify self, is an admin user, though I would imagine being an admin shouldn't be required to change current group.
https://github.com/ManageIQ/manageiq-api/issues/74 is needed before we put this thing to bed... POST http://localhost:3000/api/users/:id with a body of {"action": "edit", "group": { "href": "http://localhost:3001/api/groups/:desiredGroupId" }} Now works as expected, yields instant group switching.
https://github.com/ManageIQ/manageiq-ui-service/pull/1013 annnnnnnd THE END IS NEAR
I need a list of roles that have SSUI perms, initial testing fails and without a list of valid roles, I'm blocked.
https://bugzilla.redhat.com/show_bug.cgi?id=1466514#c15
Verified on 5.9.0.11 Ext Auth FreeIPA/AD/OpenLDAP
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0380