Bug 1577303 - fix_auth provides no feedback indicating it's running in dry run mode
Summary: fix_auth provides no feedback indicating it's running in dry run mode
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.9.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: GA
: 5.10.0
Assignee: Joe Rafaniello
QA Contact: Jaroslav Henner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-11 16:21 UTC by Joe Rafaniello
Modified: 2019-11-19 20:57 UTC (History)
6 users (show)

Fixed In Version: 5.10.0.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-18 17:30:10 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:


Attachments (Terms of Use)

Description Joe Rafaniello 2018-05-11 16:21:54 UTC
Description of problem:  It's easy to mistakenly run fix_auth in dry run mode and there is no indication that it didn't save any password changes.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. fix_auth -h x.x.x.x -d vmdb_production -U root --password smartvm --invalid bogus
2.
3.

Actual results:

-d vmdb_production is commmonly used for pg_backup/pg_restore but in fix_auth enables dry run and sets the database to vmdb_production.

Written as [1], it's more obvious that we are setting a flag with -d and not setting a value:

[1] fix_auth -h x.x.x.x -d -U root --password blah --invalid bogus vmdb_production

The correct way to run it is [2]

[2] fix_auth -h x.x.x.x -U root --password blah --invalid bogus vmdb_production

The output even with --verbose enabled does not indicate we're running in dry run mode.

fixing authentications.password, auth_key
fixing miq_databases.registration_http_proxy_server, session_secret_token, csrf_secret_token
  1:
    session_secret_token: "v2:{aaa...}" => v2:{bbb...}
    csrf_secret_token: "v2:{ccc...}" => v2:{ddd...}
fixing miq_ae_values.value
fixing miq_ae_fields.default_value
fixing miq_requests.options
fixing miq_request_tasks.options
fixing settings_changes.value


Expected results:  If you run with dry run enabled, the script should make this more obvious.


Additional info:

Comment 2 Dave Johnson 2018-05-11 16:43:44 UTC
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.

Comment 4 CFME Bot 2018-06-05 15:31:36 UTC
New commit detected on ManageIQ/manageiq/master:

https://github.com/ManageIQ/manageiq/commit/8935d7834c1ba894d5b574b112a79435782a6858
commit 8935d7834c1ba894d5b574b112a79435782a6858
Author:     Joe Rafaniello <jrafanie@redhat.com>
AuthorDate: Thu May 10 17:59:37 2018 -0400
Commit:     Joe Rafaniello <jrafanie@redhat.com>
CommitDate: Thu May 10 17:59:37 2018 -0400

    Warn when we're running fix_auth in dry run mode

    https://bugzilla.redhat.com/show_bug.cgi?id=1577303

    It's very easy to use -d incorrectly as the database name.
    We should remove the short option -d (for dry run) since it
    conflicts with pg_dump and other tooling for postgresql but
    regardless, we should have obvious feedback that we're in dry run
    mode.

    **Fix database.yml output with dry run**

    ```
    $ tools/fix_auth.rb -h localhost -U root --password smartvm --hardcode bogus vmdb_development -d --verbose -y
    ** fix_database_yml is executing in dry-run mode, and no actual changes will be made**
    fixing /Users/joerafaniello/Code/manageiq/config/database.yml.yaml
      /Users/joerafaniello/Code/manageiq/config/database.yml:
        yaml:
    viewed 1 records
    ** This was executed in dry-run, and no actual changes will be made to /Users/joerafaniello/Code/manageiq/config/database.yml **
    ```

    **Fix database passwords with dry run**

    ```
    $ tools/fix_auth.rb -h localhost -U root --password smartvm --hardcode bogus vmdb_development -d --verbose
    ** fix_database_passwords is executing in dry-run mode, and no actual changes will be made**
    fixing authentications.password, auth_key
    viewed 0 records
    fixing miq_databases.registration_http_proxy_server, session_secret_token, csrf_secret_token
      1:
        session_secret_token: "v2:{...}" => v2:{...}
        csrf_secret_token: "v2:{...}" => v2:{...}
    viewed 1 records
    ** This was executed in dry-run, and no actual changes will be made to miq_databases **
    fixing miq_ae_values.value
    viewed 0 records
    fixing miq_ae_fields.default_value
    viewed 0 records
    fixing settings_changes.value
    viewed 0 records
    fixing miq_requests.options
    viewed 0 records
    fixing miq_request_tasks.options
    viewed 0 records
    ```

 tools/fix_auth/auth_model.rb | 3 +
 tools/fix_auth/fix_auth.rb | 9 +
 2 files changed, 12 insertions(+)


Note You need to log in before you can comment on or make changes to this bug.