Need to pass the user's group in to automate when the provision starts. #61
Conversation
gmcculloug
changed the title
lfu
force-pushed
the
service_user_in_groups_1467364
branch
from
415396b to
77267db
Compare
|
@lfu Please review failing tests. |
lfu
force-pushed
the
service_user_in_groups_1467364
branch
from
77267db to
6db2dfb
Compare
| @@ -250,7 +250,7 @@ def process_assertions(message) | |||
|
|
|||
| def user_info_attributes(user) | |||
| {'user' => user, 'tenant' => user.current_tenant, 'miq_group' => user.current_group}.each do |k, v| | |||
| value = MiqAeObject.convert_value_based_on_datatype(v.id, v.class.name) | |||
| value = MiqAeMethodService::MiqAeServiceModelBase.wrap_results(v) | |||
There was a problem hiding this comment.
This solves the issue that the user object is got from DB with wrong current group in automate.
MiqAeObject.convert_value_based_on_datatype calls find at service model layer which fetches the object from DB then calls MiqAeMethodService::MiqAeServiceModelBase.wrap_results on the object.
Since the user object is already available with the correct current group, we can call MiqAeMethodService::MiqAeServiceModelBase.wrap_results on it directly.
With this change, then ManageIQ/manageiq-content#156 is not needed as the in-memory user object has the current group point to the group that the user is in when the request is made.
There was a problem hiding this comment.
@lfu I am not sure about this call, I am thinking the find should get the service model. Can we check if the find is doing the right thing.
There was a problem hiding this comment.
@mkanoor The find gets the user object from DB which is not what we want here since the user's current group from DB is not the correct requester group.
We should use the in-memory user object that we already have at hand and wrap it into service model object. This way we don't need to change the expose of current_group in MiqAeServiceUser because the user object has got correct current group in memory. expose itself does not query the DB.
| @@ -250,7 +250,7 @@ def process_assertions(message) | |||
|
|
|||
| def user_info_attributes(user) | |||
| {'user' => user, 'tenant' => user.current_tenant, 'miq_group' => user.current_group}.each do |k, v| | |||
| value = MiqAeObject.convert_value_based_on_datatype(v.id, v.class.name) | |||
| value = MiqAeMethodService::MiqAeServiceModelBase.wrap_results(v) | |||
There was a problem hiding this comment.
@lfu I am not sure about this call, I am thinking the find should get the service model. Can we check if the find is doing the right thing.
| @@ -307,7 +307,8 @@ def self.ae_user_object(options = {}) | |||
| raise "user_id not specified in Automation request" if options[:user_id].blank? | |||
| # raise "group_id not specified in Automation request" if options[:miq_group_id].blank? | |||
There was a problem hiding this comment.
@lfu Can we raise this exception because we are expecting that all calls into Automate are going to pass in the miq_group_id.
lfu
force-pushed
the
service_user_in_groups_1467364
branch
2 times, most recently
from
c200e29 to
d686357
Compare
lfu
changed the title
|
@miq-bot remove_label wip |
|
@mkanoor Please take another look. |
| @@ -305,9 +305,11 @@ def self.resolve_automation_object(uri, user_obj, attr = nil, options = {}, read | |||
|
|
|||
| def self.ae_user_object(options = {}) | |||
| raise "user_id not specified in Automation request" if options[:user_id].blank? | |||
| # raise "group_id not specified in Automation request" if options[:miq_group_id].blank? | |||
| raise "miq_group_id not specified in Automation request" if options[:miq_group_id].blank? | |||
There was a problem hiding this comment.
@lfu Do you know why this was commented out before? Are there any code paths you are aware of that might run into this new requirement?
There was a problem hiding this comment.
@gmcculloug miq_group_id was not required because a user's current_group is used as default.
Seems AutomationTask is not passing miq_group_id when calling into automate: here. Will fix it in another PR.
There was a problem hiding this comment.
Ok, please like the related PR back here when it is ready, I would like to have it available before merging this one since we know it will break Automation requests.
A user may belong to multiple groups. miq_group_id became required via ManageIQ/manageiq-automation_engine#61. https://bugzilla.redhat.com/show_bug.cgi?id=1467364
User's current group might have changed before the provision finishes. So the user's current group from DB may be different from the user's group when the request is sent into automate. https://bugzilla.redhat.com/show_bug.cgi?id=1467364
lfu
force-pushed
the
service_user_in_groups_1467364
branch
from
d686357 to
660b111
Compare
|
Checked commit lfu@660b111 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 lib/miq_automation_engine/engine/miq_ae_engine.rb
|
| @@ -305,9 +305,11 @@ def self.resolve_automation_object(uri, user_obj, attr = nil, options = {}, read | |||
|
|
|||
| def self.ae_user_object(options = {}) | |||
| raise "user_id not specified in Automation request" if options[:user_id].blank? | |||
| # raise "group_id not specified in Automation request" if options[:miq_group_id].blank? | |||
| # raise "miq_group_id not specified in Automation request" if options[:miq_group_id].blank? | |||
There was a problem hiding this comment.
The raise will be re-introduced upstream after this PR is merged. This will allow the PR to be back-ported and to older branch and give more burn-in time upstream.
|
Fine backport (to manageiq repo) details: |
|
Euwe backport (to manageiq repo) details: |
User's current group might have changed before the provision finishes.
So the user's current group from DB may be different from the user's group when the request is sent into automate.
Part of ManageIQ/manageiq#15696.
Blocks ManageIQ/manageiq-content#156.Includes ManageIQ/manageiq#15760.
https://bugzilla.redhat.com/show_bug.cgi?id=1467364
@miq-bot add_label bug, euwe/yes, fine/yes