Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #29450 - Use sp-references in used taxonomy lookup #9976

Merged
merged 1 commit into from
Jun 12, 2024

Conversation

adamruzicka
Copy link
Contributor

@adamruzicka adamruzicka commented Jan 3, 2024

TODOs:

@adamruzicka adamruzicka marked this pull request as ready for review January 4, 2024 10:21
Copy link
Member

@ShimShtein ShimShtein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I read correctly, this PR will hide proxies that are not associated with at least one host in the current org/location.
I think it will make non-associated proxies to entirely disappear.

@adamruzicka Is this your original intention?

@@ -7,8 +7,12 @@ def smart_proxy_reference(hash)
ProxyReferenceRegistry.add_smart_proxy_reference hash
end

def smart_proxy_scope(hosts_scope = Host::Managed.all)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: we can make it a scope:

Suggested change
def smart_proxy_scope(hosts_scope = Host::Managed.all)
scope :with_smart_proxies, -> { eager_load(ProxyReferenceRegistry.smart_proxy_references.select(&:join?).map(&:join_relation) }

I have dereferenced the proxy_join_tables method. I suppose we can reuse it, if the method will be defined as static.

then later we can use it directly:

hosts_scope.with_smart_proxies.pluck(proxy_column_list).flatten.uniq.compact

@adamruzicka
Copy link
Contributor Author

Is this your original intention?

That sounds about right

@ShimShtein
Copy link
Member

Not entirely sure it's related to this PR, but I see I can give the proxy more visibility than I have:
image

This user has permissions only for empty_org, but he can assign also default_org to the proxy, although he is not able to select it in the selector.

@adamruzicka
Copy link
Contributor Author

What exact roles or permissions did you give to that user? If I give the user the org admin role then I can reproduce both with and without this patch. Apparently as long as the user has a role grants them the assign_organizations permission, they'll be able to assign organizations which they can't see, which is unfortunate but not really related to what I'm trying to solve here.

@ShimShtein
Copy link
Member

I have tried it with org_admin role indeed.

Copy link
Member

@ShimShtein ShimShtein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ares This one looks good to me. Any additional concerns before I merge it?

@ofedoren ofedoren changed the title Proxy used taxonomy ids Fixes #29450 - Use sp-references in used taxonomy lookup Jun 12, 2024
Copy link
Member

@ofedoren ofedoren left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @adamruzicka and @ShimShtein !

@ofedoren
Copy link
Member

@adamruzicka, could you please squash the commits?

Before we relied only on Puppet and Puppet CA proxy features and
searched for hosts which were linked against the proxy in question using
host.puppet_proxy_id and host.puppet_ca_proxy_id fields. When the proxy
didn't have any of these features, the search was unbounded. This meant
we took all the hosts and taxonomy ids from them. This lead to proxy
seemingly being assigned to taxonomies when it really wasn't and not
being able to remove the proxy from such taxonomies.

After this change, we leverage the smart proxy references framework to
really look for hosts reference a given proxy in any way.
@ofedoren ofedoren merged commit 94b3416 into theforeman:develop Jun 12, 2024
52 of 53 checks passed
@adamruzicka adamruzicka deleted the proxy-used-taxonomy-ids branch June 17, 2024 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants