Project

General

Profile

Actions

Bug #11718

closed

Problems with roles that filter on facts

Added by Ears Down about 9 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Summary

When logged in as a user with a role which has filters that limit access based on facts, the user is unable to retrieve fact_values. Suspected cause is a bug with SQL query rendering. Behavior and error reports are listed below.

References to $curl below are executed as curl -u linuxsysadmin:<password> -s https://<foreman-url>

Steps to reproduce

  1. Centos 7 + Foreman 1.8.3.
  2. Create role "Linux Sysadmin"
  3. Create user "linuxsysadmin" and assign to role "Linux Sysadmin"
  4. Assign these filters to the "Linux Sysadmin" role:
    - view_hosts, destroy_hosts: "facts.kernel ~ linux"
    - view_facts: unlimited
  5. Run this: $curl/api/hosts
    - Result: Works as expected - output not shown.
  6. Run this: $curl/api/v2/hosts
    - Result: Works as expected - output not shown.
  7. Run this: $curl/api/fact_values
    - Result: Error: PGError: ERROR: missing FROM-clause entry for table \"fact_names_456810\"\n ...
    {
      "error": {
        "message": "PGError: ERROR:  missing FROM-clause entry for table \"fact_names_456810\"\n
    LINE 1: ...ames\".\"id\" = \"fact_values\".\"fact_name_id\" WHERE ((fact_names...\n
    ^\n: SELECT  \"fact_values\".\"id\" AS t0_r0, \"fact_values\".\"value\" AS t0_r1, \"fact_values\".\"fact_name_id\" AS t0_r2,
    \"fact_values\".\"host_id\" AS t0_r3, \"fact_values\".\"updated_at\" AS t0_r4, \"fact_values\".\"created_at\" AS t0_r5, 
    \"fact_names\".\"id\" AS t1_r0, \"fact_names\".\"name\" AS t1_r1, \"fact_names\".\"updated_at\" AS t1_r2, 
    \"fact_names\".\"created_at\" AS t1_r3, \"fact_names\".\"compose\" AS t1_r4, \"fact_names\".\"short_name\" AS t1_r5, 
    \"fact_names\".\"type\" AS t1_r6, \"fact_names\".\"ancestry\" AS t1_r7, \"hosts\".\"id\" AS t2_r0, \"hosts\".\"name\" AS t2_r1,
    \"hosts\".\"last_compile\" AS t2_r2, \"hosts\".\"last_freshcheck\" AS t2_r3, \"hosts\".\"last_report\" AS t2_r4, 
    \"hosts\".\"updated_at\" AS t2_r5, \"hosts\".\"source_file_id\" AS t2_r6, \"hosts\".\"created_at\" AS t2_r7, 
    \"hosts\".\"root_pass\" AS t2_r8, \"hosts\".\"serial\" AS t2_r9, \"hosts\".\"puppet_status\" AS t2_r10, 
    \"hosts\".\"architecture_id\" AS t2_r11, \"hosts\".\"operatingsystem_id\" AS t2_r12, \"hosts\".\"environment_id\" AS t2_r13, 
    \"hosts\".\"ptable_id\" AS t2_r14, \"hosts\".\"medium_id\" AS t2_r15, \"hosts\".\"build\" AS t2_r16, \"hosts\".\"comment\" AS t2_r17, 
    \"hosts\".\"disk\" AS t2_r18, \"hosts\".\"installed_at\" AS t2_r19, \"hosts\".\"model_id\" AS t2_r20, \"hosts\".\"hostgroup_id\" AS t2_r21, 
    \"hosts\".\"owner_id\" AS t2_r22, \"hosts\".\"owner_type\" AS t2_r23, \"hosts\".\"enabled\" AS t2_r24, \"hosts\".\"puppet_ca_proxy_id\" AS t2_r25, 
    \"hosts\".\"managed\" AS t2_r26, \"hosts\".\"use_image\" AS t2_r27, \"hosts\".\"image_file\" AS t2_r28, \"hosts\".\"uuid\" AS t2_r29, 
    \"hosts\".\"compute_resource_id\" AS t2_r30, \"hosts\".\"puppet_proxy_id\" AS t2_r31, \"hosts\".\"certname\" AS t2_r32, \"hosts\".\"image_id\" AS t2_r33, 
    \"hosts\".\"organization_id\" AS t2_r34, \"hosts\".\"location_id\" AS t2_r35, \"hosts\".\"type\" AS t2_r36, \"hosts\".\"otp\" AS t2_r37, 
    \"hosts\".\"realm_id\" AS t2_r38, \"hosts\".\"compute_profile_id\" AS t2_r39, \"hosts\".\"provision_method\" AS t2_r40, \"hosts\".\"grub_pass\" AS t2_r41 
    FROM \"fact_values\" INNER JOIN \"hosts\" ON \"hosts\".\"id\" = \"fact_values\".\"host_id\" 
    AND \"hosts\".\"type\" IN ('Host::Managed') 
    LEFT OUTER JOIN \"fact_names\" ON \"fact_names\".\"id\" = \"fact_values\".\"fact_name_id\" 
    WHERE ((fact_names_456810.\"name\" = 'kernel') 
    AND (\"fact_values_456810\".\"value\" ILIKE '%Linux%')) 
    AND (fact_names.name <> '_timestamp') 
    ORDER BY \"fact_values\".\"value\" ASC NULLS FIRST  LIMIT 20 OFFSET 0" 
      }
    }
    
  8. Run this: $curl/api/v2/fact_values
    - Result: Empty result set, but no error.
    {
      "results": {},
      "sort": {
        "order": null,
        "by": null
      },
      "search": "",
      "per_page": 20,
      "page": 1,
      "subtotal": 0,
      "total": 0
    }
    
Actions

Also available in: Atom PDF