Plugins » Discovery

Yes, core bug is public. I'd wait with public PR until confirmed by others. I don't see a point why to duplicate this default_scope. Host::Base already has notion of taxonomies https://github.com/theforeman/foreman/blob/develop/app/models/host/base.rb#L202. Of course belongs_to $taxonomy should be moved to Base as well...

Small reminder - please don't mark notes as private within a private bug, all will be private automatically. It also means when the bug is made public, discussion will be visible.

From comment 1: "I am against moving it to Host::Base that could be quite confusing. I will do the same patch in Host::Discovered."

Since Host::Base already contains that, I agree this would be good fit. Can you refactor this please? I will test this with Discovery plugin.

Btw even if we move the taxonomy related stuff into Host::Base, you should probably prepare a patch that fixes the default scope in discovery for older versions. The move to Host::Base won't be backported. And after the move you still have to remove default_scope so it does not redefine the one from Base.

Lzap you can test with https://github.com/theforeman/foreman/pull/2287

The code there hasn't changed from 1.5 release, no need of backports there really.

Lukas Zapletal wrote:

The code there hasn't changed from 1.5 release, no need of backports there really.

If it hasn't changed, then perhaps we do need to backport it to 2.x?

Dominic Cleal wrote:

Lukas Zapletal wrote:

The code there hasn't changed from 1.5 release, no need of backports there really.

If it hasn't changed, then perhaps we do need to backport it to 2.x?

I have tested discovery 2.0 and it is not affected.

Lukas Zapletal wrote:

Dominic Cleal wrote:

Lukas Zapletal wrote:

The code there hasn't changed from 1.5 release, no need of backports there really.

If it hasn't changed, then perhaps we do need to backport it to 2.x?

I have tested discovery 2.0 and it is not affected.

Ok, was that with the #10025 patch on 1.7-stable or without?

I know 3.x has gained some taxonomy features, but did they introduce an issue here somehow?

Okay let me explain this with a table. I covered the following:

Since the bug #9947 is scheduled for 1.7 and since there were no changes in regard to taxonomy between 2.0 and 3.0 versions, I don't believe it's vulnerable. HAVEN'T TESTED THO. The patch does not apply cleanly.

I've verified 1.7/2.0 with patch applied, NOT vulnerable. It works, we need the core patch in 1.7.