Description of problem:
What problem/issue/behavior are you having trouble with? What do you expect to see?

When a user orders an Ansible Playbook based Service Catalog item, a new service is created. When the user goes to Services -> My Services -> Newly created service, the error below is displayed. If an account with Super-User privileges attempts to display the same account everything works fine and the Ansible output is displayed in the WebUI.

URL https://cloudforms/api/tasks/1000000428719?attributes=task_results
Status 404 Not Found
Content-Type application/json; charset=utf-8
Data {"error":{"kind":"not_found","message":"Couldn't find MiqTask with 'id'=1000000428719","klass":"Api::NotFoundError"}}

The following error is logged in the production.log on the appliance:

[----] D, [2020-05-12T20:05:14.255036 #209649:2b07b76911b4] DEBUG -- : MIQ(Rbac::Authorizer#role_allows?) Auth failed for user 'user@domain', role 'role_name', feature identifier 'miq_task_all_ui'

This was not a problem on CloudForms 4.7.

Version-Release number of selected component (if applicable):
5.0

How reproducible:
Request service as user, always

Steps to Reproduce:
1.
2.
3.

Actual results:
Result of requested service is not visible to user. Admin can see result of requested service.

Expected results:

Additional info:
Affected services:
$evm.root['service_id'] = 1000000000807
$evm.root['service_id'] = 1000000000808
Affected user ID: 1000000000007

API.log:

[----] I, [2020-05-12T20:16:36.828881 #209649:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) API Request: {:requested_at=>"2020-05-12 18:16:36 UTC", :method=>"GET", :url=>"https://cloudforms/api/tasks/1000000428719?attributes=task_results"}
[----] I, [2020-05-12T20:16:36.837509 #209649:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Authentication: {:type=>"ui_session", :token=>nil, :x_miq_group=>nil, :user=>"user@domain"}
[----] I, [2020-05-12T20:16:36.840645 #209649:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Authorization: {:user=>"user@domain", :group=>"ldap_group", :role=>"role_name", :tenant=>"MyTenant"}
[----] I, [2020-05-12T20:16:36.841052 #209649:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Request: {:method=>:get, :action=>"read", :fullpath=>"/api/tasks/1000000428719?attributes=task_results", :url=>"https://cloudforms/api/tasks/1000000428719?attributes=task_results", :base=>"https://cloudforms", :path=>"/api/tasks/1000000428719", :prefix=>"/api", :version=>"4.1.0", :api_prefix=>"https://cloudforms/api", :collection=>"tasks", :c_suffix=>nil, :collection_id=>"1000000428719", :subcollection=>nil, :subcollection_id=>nil}
[----] I, [2020-05-12T20:16:36.841359 #209649:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Parameters: {"attributes"=>"task_results", "action"=>"show", "controller"=>"api/tasks", "format"=>"json", "body"=>{}}
[----] E, [2020-05-12T20:16:36.846383 #209649:2b07b7691b00] ERROR -- : MIQ(Api::TasksController.api_error) Api::NotFoundError: Couldn't find MiqTask with 'id'=1000000428719
[----] I, [2020-05-12T20:16:36.846741 #209649:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Response: {:completed_at=>"2020-05-12 18:16:36 UTC", :size=>"0.117 KBytes", :time_taken=>"0.018 Seconds", :status=>404}
[----] I, [2020-05-12T20:16:37.183347 #209657:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request_initiated)
[----] I, [2020-05-12T20:16:37.183486 #209657:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) API Request: {:requested_at=>"2020-05-12 18:16:37 UTC", :method=>"DELETE", :url=>"https://cloudforms/api/tasks/1000000428719"}
[----] I, [2020-05-12T20:16:37.192070 #209657:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Authentication: {:type=>"ui_session", :token=>nil, :x_miq_group=>nil, :user=>"user@domain"}
[----] I, [2020-05-12T20:16:37.194979 #209657:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Authorization: {:user=>"user@domain", :group=>"ldap_group", :role=>"role_name", :tenant=>"MyTenant"}
[----] I, [2020-05-12T20:16:37.195351 #209657:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Request: {:method=>:delete, :action=>"delete", :fullpath=>"/api/tasks/1000000428719", :url=>"https://cloudforms/api/tasks/1000000428719", :base=>"https://cloudforms", :path=>"/api/tasks/1000000428719", :prefix=>"/api", :version=>"4.1.0", :api_prefix=>"https://cloudforms/api", :collection=>"tasks", :c_suffix=>nil, :collection_id=>"1000000428719", :subcollection=>nil, :subcollection_id=>nil}
[----] I, [2020-05-12T20:16:37.195607 #209657:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Parameters: {"action"=>"destroy", "controller"=>"api/tasks", "format"=>"json", "body"=>{}}
[----] I, [2020-05-12T20:16:37.198756 #209657:2b07b7691b00] INFO -- : MIQ(Api::TasksController.delete_resource_action) Deleting tasks id 1000000428719
[----] I, [2020-05-12T20:16:37.200233 #209657:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Response: {:completed_at=>"2020-05-12 18:16:37 UTC", :size=>"0.000 KBytes", :time_taken=>"0.017 Seconds", :status=>204}

evm.log:

[----] I, [2020-05-12T20:16:36.147772 #209427:2b07b32852f4] INFO -- : MIQ(MiqQueue.put) Message id: [1000157705902], id: [], Zone: [WebUI], Role: [], Server: [], MiqTask id: [1000000428719], Ident: [generic], Target id: [], Instance id: [1000000000516], Task id: [], Command: [ManageIQ::Providers::EmbeddedAnsible::AutomationManager::Job.raw_stdout], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: ["html"]
[----] I, [2020-05-12T20:16:36.147873 #209427:2b07b32852f4] INFO -- : MIQ(MiqTask.generic_action_with_callback) Task: [1000000428719] Queued the action: [ansible_stdout] being run for user: [system]
Hi Michal, Customer states in comment 5 that the problem persists after the roles were updated. Can you ask them to supply the logs showing the failure? Thanks, Tina
https://github.com/ManageIQ/manageiq-ui-classic/pull/7093
New commit detected on ManageIQ/manageiq-ui-classic/master:

https://github.com/ManageIQ/manageiq-ui-classic/commit/a79a0ee1b015944152d340bb24bd886c7eb78ba2

commit a79a0ee1b015944152d340bb24bd886c7eb78ba2
Author:     Yuri Rudman <yrudman>
AuthorDate: Mon Jun 1 14:45:25 2020 +0000
Commit:     Yuri Rudman <yrudman>
CommitDate: Mon Jun 1 14:45:25 2020 +0000

    MiqTask to get stdout for Ansible should be owned by user who is requesting view.
    otherwise task created under 'system' account and not available for not admin user
    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1836125

 app/views/service/_svcs_show.html.haml | 6 +-
 1 file changed, 3 insertions(+), 3 deletions(-)
It is a bug: owner of MiqTask created to grab stdout from Ansible playbook should be current user and not system account; above PR should fix it.
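To confirm this condition from appliance logs, the sketch below pairs each api.log "Couldn't find MiqTask" error with the evm.log line recording the user the task was queued for, and reports tasks whose requester differs from the owner. It is an added example, not ManageIQ code or part of the original comments; the log excerpts are abridged from the report above, and matching an Authorization line to an error by the shared pid:thread token is an assumption of this sketch.

```ruby
# Added example (not ManageIQ code). Log excerpts are abridged from the report above.
API_LOG = <<~'LOG'
  [----] I, [2020-05-12T20:16:36.840645 #209649:2b07b7691b00] INFO -- : MIQ(Api::TasksController.log_request) Authorization: {:user=>"user@domain", :group=>"ldap_group", :role=>"role_name", :tenant=>"MyTenant"}
  [----] E, [2020-05-12T20:16:36.846383 #209649:2b07b7691b00] ERROR -- : MIQ(Api::TasksController.api_error) Api::NotFoundError: Couldn't find MiqTask with 'id'=1000000428719
LOG
EVM_LOG = <<~'LOG'
  [----] I, [2020-05-12T20:16:36.147873 #209427:2b07b32852f4] INFO -- : MIQ(MiqTask.generic_action_with_callback) Task: [1000000428719] Queued the action: [ansible_stdout] being run for user: [system]
LOG

# Group 1 in the first two patterns is the pid:thread token of the worker (assumed
# here to identify lines that belong to the same API request).
AUTHZ     = /\#(\d+:\h+)\].*log_request\) Authorization: \{:user=>"([^"]+)"/
NOT_FOUND = /\#(\d+:\h+)\].*Api::NotFoundError: Couldn't find MiqTask with 'id'=(\d+)/
QUEUED    = /MiqTask\.generic_action_with_callback\) Task: \[(\d+)\] Queued the action: \[(\w+)\] being run for user: \[([^\]]+)\]/

# 404s on task lookups, each tagged with the user authorized on the same worker.
def denied_task_reads(api_log)
  user_by_worker = {}
  api_log.each_line.with_object([]) do |line, hits|
    if (m = AUTHZ.match(line))
      user_by_worker[m[1]] = m[2]
    elsif (m = NOT_FOUND.match(line))
      hits << { task_id: m[2], requester: user_by_worker[m[1]] }
    end
  end
end

# task id => the action that was queued and the user it runs as.
def task_owners(evm_log)
  evm_log.scan(QUEUED).to_h { |id, action, user| [id, { action: action, owner: user }] }
end

# Tasks that exist (they were queued) but were reported "not found" to a different user.
def ownership_mismatches(api_log, evm_log)
  owners = task_owners(evm_log)
  denied_task_reads(api_log)
    .select { |hit| owners.key?(hit[:task_id]) && owners[hit[:task_id]][:owner] != hit[:requester] }
    .map    { |hit| hit.merge(owners[hit[:task_id]]) }
end

ownership_mismatches(API_LOG, EVM_LOG).each do |m|
  puts "task #{m[:task_id]} (#{m[:action]}): queued for '#{m[:owner]}', requested by '#{m[:requester]}'"
end
```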
New commit detected on ManageIQ/manageiq-ui-classic/ivanchuk:

https://github.com/ManageIQ/manageiq-ui-classic/commit/3caf2323f7cd76b88fbc5815dfb88962127804c9

commit 3caf2323f7cd76b88fbc5815dfb88962127804c9
Author:     Milan Zázrivec <mzazrivec>
AuthorDate: Tue Jun 2 09:43:33 2020 +0000
Commit:     Satoe Imaishi <simaishi>
CommitDate: Thu Jun 18 20:03:48 2020 +0000

    Merge pull request #7093 from yrudman/pass-user-when-strting-task-to-get-ansible-stdout

    MiqTask to get stdout for Ansible should be owned by user who requested view

    (cherry picked from commit 498f55f4e88f8f6dec1cc61a39236ad36c3ddbd9)

    https://bugzilla.redhat.com/show_bug.cgi?id=1836125

 app/views/service/_svcs_show.html.haml | 6 +-
 1 file changed, 3 insertions(+), 3 deletions(-)
Verified BZ with Build: 5.11.7.0.20200714215453_0da8a4a

Able to see standard output without any issue.

I have done below steps to verify BZ:
- login appliance to main UI user admin
- create one ansible playbook
- create role from self_service with restriction="Only User or Group Owned"
- create group using recently created role
- create user
- create ansible playbook service catalog item
- set ownership
- create service catalog
- log in SSUI using newly created user
- add service to shopping cart
- order service
- log in main UI using newly created user
- navigate Services->My Services>Service>
- Under "Active catalog" click on ordered service
- click on Provisioning tab
- able to see standard output without any error
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Critical: CloudForms 5.0.7 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:3358