Red Hat Bugzilla – Bug 841625
subject argument is removed from SubjectManager.findSubjectsByCriteria() which doesn't allow to use the method for specific (logged) in user
Last modified: 2015-09-02 20:01:16 EDT
Description of problem:
subject argument is removed from SubjectManager.findSubjectsByCriteria() which doesn't allow to use the method for newly logged in user
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Log in with rhqadmin from cli
2. create test role and testuser with some permissions
3. Call SubjectManager.login() for testuser and save the subject
4. Call SubjectManager.findSubjectsByCriteria() with saved subject
It is possible to get all resources using the newly loged in user
it is needed for permissions testing.
please ping me for the whole test case.
This is not specific to the SubjectManager.findSubjectByCriteria method.
When we are generating our scripting API, we generated new methods from the remote API methods by removing the first "Subject" parameter from them and then at runtime supplating that argument with the currently logged in user.
I.e. SubjectManager.findSubjectByCriteria(criteria) would be translated automagically into SubjectManager.findSubjectByCriteria(subject, criteria) where "subject" is the currently logged in user in the CLI.
Now in the past we actually kept the original methods (i.e. the ones with Subject as their first parameter) in the scripting API and only added the new "simplified" methods. We then explicitly *hid* the original methods from code completion so that the user didn't have an idea about their existence.
After the refactoring brought forth to support the script modularity, the original methods are no longer available on the scripting APIs and the code completion doesn't have to "hide" anything.
But for the script to be able to act as two users simultaneously is potentially useful feature - as Armine showed.
I am not fond of bringing the original methods back and adding the "special handling" back to the code completion - that is (and always has been) just an ugly hack.
So my proposal is (after getting this idea from Jay) to introduce a new property on the "rhq" implicit object called "subjectOverride".
When this property would be null, the currently logged in user would be used to do the remote calls. If the property would not be null, the subject assigned to this property would be used to do the remote calls regardless of the current logged in user for all the remote API calls.
So in the above example one would:
cli> rhq.login("rhqadmin", password)
cli> .... create test role and testuser with some permissions
cli> var testUserSubject = SubjectManager.login("testuser", password)
cli> rhq.subjectOverride = testUserSubject
this would call the last line with the testUserSubject as the subject.
targetting for RH 4.5. existing scripts need to continue to work after the fix.
based on lukas' comments it is not related to JON.
This bug blocks about 15 automated CLI tests which have needed to be disabled because of this bug. so because these tests are not running, the automation which is not running could be masking additional issues which are not currently being detected.
increasing the priority and targetting for an RHQ release
is this a breaking change for existing CLI scripts that customers may have in JON 3.2?
The automation scripts were exploiting an undocumented behavior of the previous implementation of the CLI remoting.
This has been chagend to strictly conform to the documented behavior and the undocumented methods are no longer available.
After Lukas' last comment I think this is solved and could be closed?
@Libor Zoubek added updated existing tests to run those without a need of subject param. Taking into account comment from Lukas, we can close this bug as "won't fix" or "not a bug".
Bulk closing of 4.10 issues.
If an issue is not solved for you, please open a new BZ (or clone the existing one) with a version designator of 4.10.