Description of problem: When running `foreman-maintain upgrade check --target-version 6.5` it tells me that I have corrupted roles (Check for roles that have filters with multiple resources attached: [FAIL], There are user roles with inconsistent filters), but there is no way to see which roles are affected and what steps it will execute to fix this issue. As a user/admin, I am interested in this information to better understand the issue and maybe also avoiding it in the future (if I create my filters via automation, maybe my automation is bad?). Version-Release number of selected component (if applicable): rubygem-foreman_maintain-0.3.3-1.el7sat.noarch How reproducible: 100% Steps to Reproduce: 1. foreman-maintain upgrade check --target-version 6.5 Actual results: "There are user roles with inconsistent filters" Expected results: More info which roles/filters are affected Additional info:
Further, there are no deprecation notes to state that there is a change in how roles / filters behave.
Created redmine issue https://projects.theforeman.org/issues/29713 from this bug
Upstream bug assigned to supatil
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/29713 has been resolved.
Verified. Tested on Satellite 6.10.0 Snap 3.0 Version: rubygem-foreman_maintain-0.8.1-1.el7sat.noarch Setup: 1. # hammer role create --name test_role 2. # hammer filter available-permissions 3. # hammer filter create --role test_role --permission-ids 62,68 (Here id's 62 and 68 are for view_hosts and console_hosts respectively) 4. # hammer filter list --search role=test_role (Check for the role, resource type, and permissions assigned) 5. Change resource type of any permission to test this check - # sudo su - postgres -c "psql -d foreman -c 'UPDATE permissions SET resource_type = '\''xyz'\'' WHERE name = '\''console_hosts'\'';'" Steps: 1. # foreman-maintain health check --label corrupted-roles Observation: The check was able to detect and fix the corrupted roles along it also displayed their names as well. Also, After the resource type is changed so it tries to split the filter while splitting out of 2 only 1 permission was changed so it created a new filter for it, and check that with the command `# hammer filter list --search role=test_role`
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Satellite 6.10 Satellite Maintenance Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4697