Description of problem:
It's easy to mistakenly run fix_auth in dry run mode and there is no indication that it didn't save any password changes.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. fix_auth -h x.x.x.x -d vmdb_production -U root --password smartvm --invalid bogus
2.
3.

Actual results:
-d vmdb_production is commonly used for pg_backup/pg_restore but in fix_auth it enables dry run and sets the database to vmdb_production.

Written as [1], it's more obvious that we are setting a flag with -d and not setting a value:

[1] fix_auth -h x.x.x.x -d -U root --password blah --invalid bogus vmdb_production

The correct way to run it is [2]

[2] fix_auth -h x.x.x.x -U root --password blah --invalid bogus vmdb_production

The output even with --verbose enabled does not indicate we're running in dry run mode.

fixing authentications.password, auth_key
fixing miq_databases.registration_http_proxy_server, session_secret_token, csrf_secret_token
  1:
    session_secret_token: "v2:{aaa...}" => v2:{bbb...}
    csrf_secret_token: "v2:{ccc...}" => v2:{ddd...}
fixing miq_ae_values.value
fixing miq_ae_fields.default_value
fixing miq_requests.options
fixing miq_request_tasks.options
fixing settings_changes.value

Expected results:
If you run with dry run enabled, the script should make this more obvious.

Additional info:
Please assess the impact of this issue and update the severity accordingly. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition. If it's something like a tracker bug where it doesn't matter, please set the severity to Low.
https://github.com/ManageIQ/manageiq/pull/17410
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/8935d7834c1ba894d5b574b112a79435782a6858

commit 8935d7834c1ba894d5b574b112a79435782a6858
Author:     Joe Rafaniello <jrafanie>
AuthorDate: Thu May 10 17:59:37 2018 -0400
Commit:     Joe Rafaniello <jrafanie>
CommitDate: Thu May 10 17:59:37 2018 -0400

Warn when we're running fix_auth in dry run mode

https://bugzilla.redhat.com/show_bug.cgi?id=1577303

It's very easy to use -d incorrectly as the database name. We should remove the short option -d (for dry run) since it conflicts with pg_dump and other tooling for postgresql but regardless, we should have obvious feedback that we're in dry run mode.

**Fix database.yml output with dry run**

```
$ tools/fix_auth.rb -h localhost -U root --password smartvm --hardcode bogus vmdb_development -d --verbose -y
** fix_database_yml is executing in dry-run mode, and no actual changes will be made**
fixing /Users/joerafaniello/Code/manageiq/config/database.yml.yaml
  /Users/joerafaniello/Code/manageiq/config/database.yml:
    yaml:
  viewed 1 records
** This was executed in dry-run, and no actual changes will be made to /Users/joerafaniello/Code/manageiq/config/database.yml **
```

**Fix database passwords with dry run**

```
$ tools/fix_auth.rb -h localhost -U root --password smartvm --hardcode bogus vmdb_development -d --verbose
** fix_database_passwords is executing in dry-run mode, and no actual changes will be made**
fixing authentications.password, auth_key
  viewed 0 records
fixing miq_databases.registration_http_proxy_server, session_secret_token, csrf_secret_token
  1:
    session_secret_token: "v2:{...}" => v2:{...}
    csrf_secret_token: "v2:{...}" => v2:{...}
  viewed 1 records
** This was executed in dry-run, and no actual changes will be made to miq_databases **
fixing miq_ae_values.value
  viewed 0 records
fixing miq_ae_fields.default_value
  viewed 0 records
fixing settings_changes.value
  viewed 0 records
fixing miq_requests.options
  viewed 0 records
fixing miq_request_tasks.options
  viewed 0 records
```

 tools/fix_auth/auth_model.rb | 3 +
 tools/fix_auth/fix_auth.rb   | 9 +
 2 files changed, 12 insertions(+)
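
Why `-d vmdb_production` silently turns on dry run, shown as an added example that is not ManageIQ's code: it uses Ruby's standard `OptionParser` as a stand-in for the tool's real option handling, and `parse_fix_auth_args`, `dry_run_notices` and the banner wording are hypothetical. The three command lines are the ones quoted in the report.

```ruby
require "optparse"

# Hypothetical stand-in for fix_auth's option handling (not ManageIQ's code).
# -d is declared as a boolean switch, so it never consumes the next token.
def parse_fix_auth_args(argv)
  opts = { :dry_run => false, :verbose => false }
  parser = OptionParser.new do |o|
    o.on("-h", "--hostname HOST") { |v| opts[:hostname] = v }
    o.on("-U", "--username USER") { |v| opts[:username] = v }
    o.on("--password PASS")       { |v| opts[:password] = v }
    o.on("--invalid VALUE")       { |v| opts[:invalid] = v }
    o.on("-d", "--dry-run")       { opts[:dry_run] = true }
    o.on("-v", "--verbose")       { opts[:verbose] = true }
  end
  # permute returns the leftover (positional) arguments without touching argv;
  # here those are treated as database names.
  opts[:databases] = parser.permute(argv)
  opts
end

# One banner per target database when nothing will be written, so a mistyped
# -d cannot pass silently. The wording is illustrative, not the tool's output.
def dry_run_notices(opts)
  return [] unless opts[:dry_run]
  opts[:databases].map { |db| "** dry-run mode: no changes will be saved to #{db} **" }
end

# Command lines taken from the report: the step-1 form, form [1] and form [2].
PG_STYLE = %w[-h x.x.x.x -d vmdb_production -U root --password smartvm --invalid bogus].freeze
FORM_1   = %w[-h x.x.x.x -d -U root --password blah --invalid bogus vmdb_production].freeze
FORM_2   = %w[-h x.x.x.x -U root --password blah --invalid bogus vmdb_production].freeze

if __FILE__ == $PROGRAM_NAME
  [PG_STYLE, FORM_1, FORM_2].each do |argv|
    opts = parse_fix_auth_args(argv)
    puts "#{argv.join(' ')}\n  dry_run=#{opts[:dry_run]} databases=#{opts[:databases].inspect}"
    dry_run_notices(opts).each { |line| puts "  #{line}" }
  end
end
```

The step-1 form and form [1] parse to the same result (dry run on, database `vmdb_production`), which is why only an explicit banner distinguishes them from form [2].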