Bug 1574533 - user with minimal rights to play Ansible on host is unable to do so: PG::NotNullViolation: ERROR: null value in column "targeting_id" violates not-null constraint
Summary: user with minimal rights to play Ansible on host is unable to do so: PG::NotN...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Ansible - Configuration Management
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: 6.4.0
Assignee: Marek Hulan
QA Contact: Lukas Pramuk
URL:
Whiteboard:
Depends On:
Blocks: 1449011
TreeView+ depends on / blocked
 
Reported: 2018-05-03 13:51 UTC by Jan Hutař
Modified: 2019-11-05 23:18 UTC (History)
2 users (show)

Fixed In Version: foreman_ansible-2.2.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-16 18:52:12 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Traceback (17.90 KB, text/plain)
2018-05-03 13:51 UTC, Jan Hutař 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 24207 0 None None None 2018-07-09 13:42:00 UTC

Description Jan Hutař 2018-05-03 13:51:08 UTC 
Description of problem:
User with minimal rights to play Ansible on host is unable to do so:

Oops, we're sorry but something went wrong PG::NotNullViolation: ERROR: null value in column "targeting_id" violates not-null constraint DETAIL: Failing row contains (12, null, null, null, null, null, null, null, null, null, null, null, null). : INSERT INTO "job_invocations" DEFAULT VALUES RETURNING "id"


Version-Release number of selected component (if applicable):
satellite-6.4.0-3.beta.el7sat.noarch
rubygem-smart_proxy_ansible-2.0.2-3.el7sat.noarch
tfm-rubygem-foreman_ansible_core-2.0.2-1.el7sat.noarch
tfm-rubygem-foreman_ansible-2.0.4-1.el7sat.noarch
ansible-2.4.2.0-2.el7.noarch


How reproducible:
always


Steps to Reproduce:
1. Have Sat with some roles imported and host with role assigned
   (I have used linuxhq.setup)
2. Create user (in correct org and loc - also I have configured default
   "after login" org and loc)
3. Grant that user access roles "Ansible Roles Manager" and "Viewer"
4. Login as that user and make sure you can see your host in Hosts -> All hosts
5. Hosts -> All hosts -> <host> -> Run Ansible roles


Actual results:
ISE


Expected results:
Should work
Comment 1 Jan Hutař 2018-05-03 13:51:45 UTC 
Created attachment 1430696 [details]
Traceback
Comment 3 Marek Hulan 2018-07-09 13:38:07 UTC 
Reproducible upstream, the error is ugly but it's caused by the fact user is missing other required permission. The minimal set of roles is missing "Remote execution user"

We should add another check for user having create_job_invocations in order to display the button (including the bulk action and play for host/hostgroup)
Comment 5 Marek Hulan 2018-07-09 13:41:58 UTC 
Created redmine issue https://projects.theforeman.org/issues/24207 from this bug
Comment 6 Satellite Program 2018-07-11 10:13:35 UTC 
Upstream bug assigned to mhulan
Comment 7 Satellite Program 2018-07-11 10:13:39 UTC 
Upstream bug assigned to mhulan
Comment 8 Satellite Program 2018-07-11 20:13:13 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/24207 has been resolved.
Comment 9 Martin Korbel 2018-07-24 10:08:55 UTC 
VERIFIED on Sat6.4#13

Reproducer via comment #0 and the button "Run Ansible roles" is not available.

When we add "Remote execution user" permission (comment #3), all works fine.
Comment 11 Bryan Kearney 2018-10-16 18:52:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2927
Note You need to log in before you can comment on or make changes to this bug.