Bug #16821

AccessPermissionsTest does not pick up plugin permissions

Added by Daniel Lobato Garcia 8 months ago. Updated 8 months ago.

Status:Closed
Priority:Normal
Assigned To:Dominic Cleal
Category:Tests
Target version:-
Difficulty: Bugzilla link:
Found in release: Pull request:https://github.com/theforeman/foreman/pull/3939, https://github.com/theforeman/foreman/pull/3933
Story points-
Velocity based estimate-
Release1.14.0Release relationshipAuto

Description

All of the plugins that use permissions are now failing. AccessPermissionsTest in core attempts to look for a Permission for the plugins' routes but it never succeeds.

Here's why:

During plugin initialization the engine calls 'permission' to register permissions in the db: https://github.com/theforeman/foreman_discovery/blob/develop/lib/foreman_discovery/engine.rb#L49
'permission' in core will not run because there are pending migrations: https://github.com/theforeman/foreman/blob/develop/app/services/foreman/plugin.rb#L219

The test checks in the database for those permissions, so it fails. It used to work before #16557 because the 'test:lib' task ran after 'test:unit', and on the 2nd Rails initialization, there were no 'pending_migrations' so permissions from plugins were added just fine.

A few possible solutions:

  • Modify the task in foreman-infra so that it runs 'RAILS_ENV=test rake db:migrate' prior to running tests. Currently Foreman kind of does this in the background via this setting (https://github.com/theforeman/foreman/blob/develop/config/environments/test.rb#L59) but it happens after plugins initialization, so during the 'permission' calls there are still pending migrations.
  • Call ActiveRecord::Migration.maintain_test_schema! at some point before plugin initialization
  • Modify the code so that permissions can be added even if there are pending_migrations (bad idea as the table may not exist)
  • Add plugin permissions via fixtures (we'd have to do this in all plugins now, and adding fixtures in plugins is annoying)

Related issues

Related to Foreman - Refactor #16557: Move tests into test/models, controllers, helpers dirs. Closed 09/14/2016
Related to Foreman - Bug #12143: Plugin permissions not available during tests Resolved 10/12/2015

Associated revisions

Revision dc9bd44f
Added by Dominic Cleal 8 months ago

fixes #16821 - store plugin permissions in AccessControl in tests

When initialising a new test database, the "permission" directive in a
plugin registration would skip the Foreman::AccessControl mapping so
later tests using the access control lists would fail (e.g.
AccessPermissionsTest, if a route added by a plugin to the main app
engine used a plugin permission.)

The AccessControl entry is now always created as it's safe to do so even
without a database, but the Permission resource is not created from the
initialiser in the test environment. Instead, permissions, roles and
filters are added to the database via fixtures so plugins can rely on
them for unit or functional tests.

History

#1 Updated by Dominic Cleal 8 months ago

  • Description updated (diff)

#2 Updated by Dominic Cleal 8 months ago

  • Related to Refactor #16557: Move tests into test/models, controllers, helpers dirs. added

#3 Updated by The Foreman Bot 8 months ago

  • Status changed from New to Ready For Testing
  • Assigned To set to Adam Ruzicka
  • Pull request https://github.com/theforeman/foreman/pull/3933 added

#4 Updated by The Foreman Bot 8 months ago

  • Pull request https://github.com/theforeman/foreman/pull/3939 added

#5 Updated by Dominic Cleal 8 months ago

This is less about permissions in the database, because AccessControl (which is what's being tested in AccessPermissionsTest) doesn't use the Permission objects, it uses an in-memory control list. The AccessControl mapping isn't set up if there are pending migrations, which should only really prevent the Permission record being created.

#6 Updated by Dominic Cleal 8 months ago

  • Assigned To changed from Adam Ruzicka to Dominic Cleal
  • Release set to 1.14.0

#7 Updated by Dominic Cleal 8 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#8 Updated by Dominic Cleal 7 months ago

  • Related to Bug #12143: Plugin permissions not available during tests added

Also available in: Atom PDF