Filter tenants and groups in Access Control by current region

[ZitaNemeckova]

Closes #4720

• Have a bunch of tenants
• If you have all tenants in one region Tenant.count == Tenant.in_my_region.count set id of one of tenants to something outside current region(multiple its id by 3 or something)
• Go to Configuration -> Access Control -> click a region

In this case cloudusers tenant is not in Tenant.in_my_region

Before:

After:

@miq-bot add_label bug, hammer/no,

[mzazrivec]

@lpichler is this change OK with you?

[lpichler]

@ZitaNemeckova

you created child tenant in default region and his child which is "probably"( * 3) in different region and this situation doesn't happen in real.

we need to create tenant structure in default region and then whole tenant structure in other tenant region

and then check whether it is listing only tenant in current region.

you can get some inspiration from https://github.com/ManageIQ/manageiq/pull/17453/files#diff-de9adf0bd8114667190fecb643922d79R941 .

[ZitaNemeckova]

Usingid_in_region sounds better 👍

[ZitaNemeckova]

@lpichler Changed it as you suggested so Tenant is in a MiqRegion that actually exists and not some random "of by three" non-existent one :) Is it ok with you now?

[lpichler]

this is not needed, because object is already in one region and his children will be also the same region. I can show it you in my env.

[ZitaNemeckova]

So there's no way for a Tenant to have a child that's in another region. Noted :)

[lpichler]

better however you are testing a code which I suggested to removed - you can still reuse the test for the "count" part.

and tests are better but it is still not reflect DB with 2 region, you can image it like two duplicated DB with different IDs, so one object in one region exists like duplicated object in other region.
You tests are mixing it together(like one tenant has children from other region) which is probably testing issue but it is not same as in real. SO I am suggesting to do it like it could be in real.

So one thing what you need to have is Tenant.root in other region.

     let!(:child_tenant) { FactoryGirl.create(:tenant, :parent => Tenant.root_tenant) }
     let(:inactive_region) { FactoryGirl.create(:miq_region) }
     let(:tenant_root_in_inactive_region) do
      root_in_inactive_region = Tenant.root_tenant.dup
      root_in_inactive_region.id = Tenant.id_in_region(Tenant.count + 1_000_000, inactive_region.region) # you can create a method (DRY)
     root_in_inactive_region.save
     root_in_inactive_region
    end


     let!(:child_tenant_out_of_region) { FactoryGirl.create(:tenant, :parent => tenant_root_in_inactive_region, :id => Tenant.id_in_region(Tenant.count + 1_000_000, inactive_region.region)) }

[ZitaNemeckova]

I guess you didn't try that out or I'm missing something :) It's impossible to create second root Tenant in specs. It fails at Validation failed: Tenant: Parent required. I'll use a tenant that's in different region but has a parent from active region. Spec checks that count is correct not their relationship.

End removing the tree code because parent and child tenant have to be in the same region as you said earlier :)

Is that ok with you? :)

[lpichler]

I see, you are right. It about that validator use current region. I think we can skip validation with
root_in_inactive_region.save!(:validate => false) in this case and you can leave parent as nil.

thanks!

[lpichler]

@lpichler Changed it as you suggested so Tenant is in a MiqRegion that actually exists and not some random "of by three" non-existent one :) Is it ok with you now?

Much better and I gave you other suggestions :)

[lpichler]

you can put this to the before block

[miq-bot]

Checked commit ZitaNemeckova@6893b69 with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0
2 files checked, 0 offenses detected
Everything looks fine. 🏆

[ZitaNemeckova]

@miq-bot remove_label hammer/no
@miq-bot add_label hammer/yes

[simaishi]

Hammer backport details:

$ git log -1
commit 056aac1f922ee57edb9abfb64f86250882e367c1
Author: Milan Zázrivec <[email protected]>
Date:   Thu Nov 1 11:05:12 2018 +0100

    Merge pull request #4831 from ZitaNemeckova/tenants_in_my_region
    
    Filter tenants and groups in Access Control by current region
    
    (cherry picked from commit 79ac45765a1da8f54e806ff923f8430a677a9e98)