Bug #9963

Upgrade from 1.2 to 2.0 fails with "some permissions were not found" ArgumentError

Added by Lukas Zapletal about 2 years ago. Updated 10 months ago.

Status:Closed
Priority:High
Assigned To:-
Category:Discovery plugin
Target version:Plugin 2.0.3
Difficulty: Pull request:https://github.com/theforeman/foreman_discovery/pull/176
Bugzilla link:
Story points-
Velocity based estimate-

Description

Permissions were added in the 1.2 version of the plugin (44a0746680407fc009377b1f3abe35c336bf40db). Later on (in 1.3) we have added "Host" resource_type for discovery hosts permissions in version 1.3 (7bd2ab66240c494cdbc9a8ba33ef6fb82a3734bf) which worked for the first time. But this created four extra permissions leaving the old in the database:

#<Permission id: 152, name: "view_discovered_hosts", resource_type: nil,
#<Permission id: 153, name: "provision_discovered_hosts", resource_type: nil,
#<Permission id: 154, name: "edit_discovered_hosts", resource_type: nil,
#<Permission id: 155, name: "destroy_discovered_hosts", resource_type: nil,

#<Permission id: 156, name: "view_discovered_hosts", resource_type: "Host",
#<Permission id: 157, name: "provision_discovered_hosts", resource_type:
#<Permission id: 158, name: "edit_discovered_hosts", resource_type: "Host",
#<Permission id: 159, name: "destroy_discovered_hosts", resource_type: "Host",

#<Permission id: 171, name: "view_discovery_rules", resource_type: nil,
#<Permission id: 172, name: "new_discovery_rules", resource_type: nil,
#<Permission id: 173, name: "edit_discovery_rules", resource_type: nil,
#<Permission id: 174, name: "execute_discovery_rules", resource_type: nil,
#<Permission id: 175, name: "delete_discovery_rules", resource_type: nil,

From now on, everytime we touched "Discovery" role it failed because the check in Foreman Core.

WORKAROUND: In /usr/share/foreman/lib/foreman_discovery/engine.rb comment out the two lines:

role "Discovery Manager", [:view_discovered_hosts, ... ]
role "Discovery Reader", [:view_discovered_hosts, ... ]

Then migrate, restart, remove all user-role associations for these roles, delete those roles. Then uncomment these lines, restart Foreman and those roles will appear back. Assign the roles as expected.

SOLUTION: Delete the extra permissions without resource_type defined (nil). We can do this in a migration which will fix for all users which are currently upgrading from 1.2 version. For those who already upgraded, they must use the workaround from above, or we could add the hack into engine.rb.


Related issues

Related to Foreman - Bug #13529: Duplicate permissions are allowed and not recognized Closed 02/02/2016

Associated revisions

Revision 46f4aee0
Added by Lukas Zapletal almost 2 years ago

Fixes #9963 - removed unused permissions and role

Revision 84d4aa54
Added by Ori Rabin almost 2 years ago

Refs #9963 - changing puts to say in permissions migration

History

#1 Updated by Lukas Zapletal about 2 years ago

WORKAROUND UPDATE:

Comment out the two lines above, then run this in the console:

Permission.where("name like '%_discovered_hosts' and resource_type is null").destroy_all

and uncomment the two lines, restart.

#2 Updated by The Foreman Bot about 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_discovery/pull/176 added

#3 Updated by Anonymous almost 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Lukas Zapletal 10 months ago

If you happen to get a chicken and egg problem with this one (not able to boot server, console or even migration), try this:

DELETE FROM "permissions" WHERE (name like '%_discovered_hosts' and resource_type is null)

This could help.

#5 Updated by Lukas Zapletal 10 months ago

  • Related to Bug #13529: Duplicate permissions are allowed and not recognized added

Also available in: Atom PDF