Bug 1810477 - The UI to create an embedded Ansible service allows for invalid combinations of options
Summary: The UI to create an embedded Ansible service allows for invalid combinations ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.11.3
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: GA
: 5.11.7
Assignee: Milan Zázrivec
QA Contact: Gaurav Talreja
Red Hat CloudForms Documentation
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-05 10:36 UTC by Peter McGowan
Modified: 2020-08-18 08:48 UTC (History)
10 users (show)

Fixed In Version: 5.11.7.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-08-06 14:32:54 UTC
Category: Bug
Cloudforms Team: CFME Core
Target Upstream Version:
simaishi: cfme-5.11.z+


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:3358 0 None None None 2020-08-06 14:33:05 UTC

Description Peter McGowan 2020-03-05 10:36:45 UTC
Description of problem:
The UI screen to create an embedded Ansible service allows the user to toggle the 'Escalate Privilege' slider to Yes/No, regardless of whether the previously selected Machine Credential contains a Privilege Escalation Username and Password.

If 'Escalate Privilege' is set to yes, but the Machine Credential does not contain Privilege Escalation credentials, the embedded Ansible playbook will hang, and the service will timeout and fail. From the user's point of view this is very difficult to troubleshoot, they just see the playbook as not running, with no indication as to why.

The 'Escalate Privilege' slider should be greyed out if the previously selected Machine Credential does not contain Privilege Escalation credentials.

Version-Release number of selected component (if applicable):
5.11.3.1

How reproducible:
Every time

Steps to Reproduce:
1. Enable the embedded Ansible service.
2. Add a playbook repository
3. Define a playbook service using a playbook from the repository. Ensure that the 'Escalate Privilege' slider is set to 'Yes'. Create a new dialog.
4. Run the service, selecting 'CFME Default Credential' as the machine credential, and 'localhost' as the target host

Actual results:
The service doesn't run

Expected results:
The UI should stop me from creating a service that cannot run. The UI should be able to examine the selected machine credential and determine whether or not the 'Escalate Privilege' slider is a valid option for this service.

Additional info:
This BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1809502 was created but the issue was deemed to be UI related.

Comment 8 CFME Bot 2020-06-03 18:10:52 UTC
New commit detected on ManageIQ/manageiq-ui-classic/master:

https://github.com/ManageIQ/manageiq-ui-classic/commit/1959a154f527dfcdd649b813739d227536f0dc7b
commit 1959a154f527dfcdd649b813739d227536f0dc7b
Author:     Milan Zazrivec <mzazrivec@redhat.com>
AuthorDate: Tue Jun  2 14:09:47 2020 +0000
Commit:     Milan Zazrivec <mzazrivec@redhat.com>
CommitDate: Tue Jun  2 14:09:47 2020 +0000

    Disable privilege escalation when machine credential doesn't support it

    https://bugzilla.redhat.com/show_bug.cgi?id=1810477

 app/assets/javascripts/controllers/catalog/catalog_item_form_controller.js | 4 +
 app/assets/javascripts/controllers/playbook-reusable-code-mixin.js | 2 +-
 app/views/layouts/angular/_ansible_form_options_angular.html.haml | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

Comment 9 CFME Bot 2020-06-18 20:05:51 UTC
New commit detected on ManageIQ/manageiq-ui-classic/ivanchuk:

https://github.com/ManageIQ/manageiq-ui-classic/commit/0d720cc456f05182b94fee62a71cbd151935bf11
commit 0d720cc456f05182b94fee62a71cbd151935bf11
Author:     Harpreet Kataria <hkataria@redhat.com>
AuthorDate: Wed Jun  3 18:09:07 2020 +0000
Commit:     Satoe Imaishi <simaishi@redhat.com>
CommitDate: Thu Jun 18 20:04:19 2020 +0000

    Merge pull request #7095 from mzazrivec/disable_privilege_escalation_when_needed

    Disable privilege escalation when machine credential doesn't support it

    (cherry picked from commit 23efdfcd03c7e72d7623ac3c0d4d33bfe6ad25a8)

    https://bugzilla.redhat.com/show_bug.cgi?id=1810477

 app/assets/javascripts/controllers/catalog/catalog_item_form_controller.js | 4 +
 app/assets/javascripts/controllers/playbook-reusable-code-mixin.js | 2 +-
 app/views/layouts/angular/_ansible_form_options_angular.html.haml | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

Comment 10 Gaurav Talreja 2020-07-17 07:57:12 UTC
Verified in Version : 5.11.7.0.20200714215453_0da8a4a

Comment 13 errata-xmlrpc 2020-08-06 14:32:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Critical: CloudForms 5.0.7 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3358


Note You need to log in before you can comment on or make changes to this bug.