Skip to content

Fixes #13689 - don't use authorized scope in provisioning template#156

Merged
ares merged 1 commit into
theforeman:masterfrom
iNecas:fix-ssh-keys-seed-global-proxy
Feb 16, 2016
Merged

Fixes #13689 - don't use authorized scope in provisioning template#156
ares merged 1 commit into
theforeman:masterfrom
iNecas:fix-ssh-keys-seed-global-proxy

Conversation

@iNecas

@iNecas iNecas commented Feb 12, 2016

Copy link
Copy Markdown
Member

The user is not set in context of provisioning, therefore the public
keys of the global proxies were not populated properly into the provisioned
hosts.

@stbenjam

Copy link
Copy Markdown
Member

Oh, awesome. This explains a problem a user was having recently, and I could not figure it out.

ACK

@ares

ares commented Feb 15, 2016

Copy link
Copy Markdown
Member

Shouldn't we pass the user to determine the proxies then? It allows user that has no permissions on a particular proxy to use it.

@iNecas

iNecas commented Feb 15, 2016

Copy link
Copy Markdown
Member Author

Setting the user by owner might not be trivial (as the host can be owned by user or usergroup). What about asking for the unscoped proxies in https://github.com/iNecas/foreman_remote_execution/blob/fix-ssh-keys-seed-global-proxy/app/models/concerns/foreman_remote_execution/host_extensions.rb#L60 by passing some optional param to remote_execution_proxies method

@stbenjam

Copy link
Copy Markdown
Member

That sounds ok to me, I guess. Although I'm not sure I find it very interesting from a permissions perspective to have such a restriction. I would think the only thing anyone cares about is if a user can execute this on a particular host, not from which proxies it gets executed.

If a subnet has proxies A, B, C, and D, I'd want them all to be used.

The user is not set in context of provisioning, therefore the public
keys of the global proxies were not populated properly into the provisioned
hosts.
@iNecas

iNecas commented Feb 16, 2016

Copy link
Copy Markdown
Member Author

I've updated the PR based on our discussion (+ added a test case for this)

@ares

ares commented Feb 16, 2016

Copy link
Copy Markdown
Member

APJ

@ares

ares commented Feb 16, 2016

Copy link
Copy Markdown
Member

Merging, thanks @iNecas

ares added a commit that referenced this pull request Feb 16, 2016
Fixes #13689 - don't use authorized scope in provisioning template
@ares ares merged commit 3401076 into theforeman:master Feb 16, 2016
MariaAga pushed a commit to MariaAga/foreman_remote_execution that referenced this pull request Sep 3, 2021
fixes #12763 - puppetclass importer should be async
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants