[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#991097: marked as done (unblock: horizon/18.6.2-5)

Your message dated Sat, 17 Jul 2021 12:14:20 +0200
with message-id <CAM8zJQvcEOu9MwCwBNsKgLJjJuShv0VPNM0nK7NHUjivGGpykg@mail.gmail.com>
and subject line Re: Bug#991097: unblock: horizon/18.6.2-5
has caused the Debian Bug report #991097,
regarding unblock: horizon/18.6.2-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
991097: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991097
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package horizon

[ Reason ]
This upload fixes 2 problems. Let me explain.

1/ Don't load user role assignment or groups tabs for non-admins

OpenStack manages access rights to its API through "roles". A list
of roles can be assigned to a user. These operations (ie: role
assignments) can be performed by any user with the admin role. It
is possible to manage user roles with Horizon. Unfortunately, the
role assignment tabs where also displayed for non-admins, which isn't
great (a newbie would click and see some error messages, that's not
a very nice user experience...). So I added to the Horizon package
the patch from upstream, which they are also in the process of
backporting:

https://review.opendev.org/c/openstack/horizon/+/783547

2/ Do not do boot-from-volume by default when launching instances

With the current default in Horizon, launching a new VM is done using
the "boot from volume" option of OpenStack. In our opinion, this isn't
a nice default, which can complicate things for newbies, so it's much
nicer to get the default set to Flase, which is what the 2nd patch is
doing.

[ Impact ]
Clearly, these 2 patches are just some last minutes polishing of the
package, but I think it's nice to have them.

[ Tests ]
Upstream runs extensive functional testing with Selenium, upstream unit
tests are run at build time in the Debian package, and we also are
running the modified version of the package in a production public cloud,
so we're good regarding tests. :)

[ Risks ]
This is very minimum risk change, which is only changing defaults and
fixing display.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock horizon/18.6.2-5

diff -Nru horizon-18.6.2/debian/changelog horizon-18.6.2/debian/changelog
--- horizon-18.6.2/debian/changelog	2021-06-29 14:53:41.000000000 +0200
+++ horizon-18.6.2/debian/changelog	2021-07-14 11:19:22.000000000 +0200
@@ -1,3 +1,11 @@
+horizon (3:18.6.2-5) unstable; urgency=medium
+
+  * Add patches:
+    - Dont_load_user_role_assignment_or_groups_tabs_for_non-admins.patch
+    - do-not-create-volume-by-default-when-launching-instance.patch
+
+ -- Thomas Goirand <zigo@debian.org>  Wed, 14 Jul 2021 11:19:22 +0200
+
 horizon (3:18.6.2-4) unstable; urgency=medium
 
   * Do not use an enable folder in /etc, as this marks all files from plugins
diff -Nru horizon-18.6.2/debian/patches/do-not-create-volume-by-default-when-launching-instance.patch horizon-18.6.2/debian/patches/do-not-create-volume-by-default-when-launching-instance.patch
--- horizon-18.6.2/debian/patches/do-not-create-volume-by-default-when-launching-instance.patch	1970-01-01 01:00:00.000000000 +0100
+++ horizon-18.6.2/debian/patches/do-not-create-volume-by-default-when-launching-instance.patch	2021-07-14 11:19:22.000000000 +0200
@@ -0,0 +1,19 @@
+Description: Do not create volume by default when launching instance
+ By default, Horizon creates a volume and wants users to boot from it, which is
+ not what a user should do by default. This patch restors sanity in the default
+ behavior.
+Author: Thomas Goirand <zigo@debian.org>
+Forwarded: no
+Last-Update: 2021-07-14
+
+--- horizon-18.6.2.orig/openstack_dashboard/defaults.py
++++ horizon-18.6.2/openstack_dashboard/defaults.py
+@@ -251,7 +251,7 @@ LAUNCH_INSTANCE_NG_ENABLED = True
+ # properties found in the Launch Instance modal.
+ LAUNCH_INSTANCE_DEFAULTS = {
+     'config_drive': False,
+-    'create_volume': True,
++    'create_volume': False,
+     'hide_create_volume': False,
+     'disable_image': False,
+     'disable_instance_snapshot': False,
diff -Nru horizon-18.6.2/debian/patches/Dont_load_user_role_assignment_or_groups_tabs_for_non-admins.patch horizon-18.6.2/debian/patches/Dont_load_user_role_assignment_or_groups_tabs_for_non-admins.patch
--- horizon-18.6.2/debian/patches/Dont_load_user_role_assignment_or_groups_tabs_for_non-admins.patch	1970-01-01 01:00:00.000000000 +0100
+++ horizon-18.6.2/debian/patches/Dont_load_user_role_assignment_or_groups_tabs_for_non-admins.patch	2021-07-14 11:19:22.000000000 +0200
@@ -0,0 +1,45 @@
+Description: Don't load user role assignment or groups tabs for non-admins
+ As a non admin user, navigate to Identity -> Users. Then click on the
+ username of your user to go to the detail page.
+ .
+ Only the allowed Overview tab is visible.
+ .
+ The view shows three tabs: Overview, Role assignments, Groups. Click on
+ either Role assignments or Groups. An error will appear, showing that
+ the API call is unauthorised, and the table content will fail to load.
+ .
+ This change fixes the issue by conditionally loading the tabs based on
+ policy.
+Author: Mark Goddard <mark@stackhpc.com>
+Date: Fri, 19 Mar 2021 15:05:31 +0000
+Closes-Bug: #1920214
+Change-Id: Ic8b723e6fd423b96a4f5eff54f9392cee534ed9e
+Origin: upstream, https://review.opendev.org/c/openstack/horizon/+/783547
+Last-Update: 2021-07-14
+
+diff --git a/openstack_dashboard/dashboards/identity/users/tabs.py b/openstack_dashboard/dashboards/identity/users/tabs.py
+index 30bcd0a..fe8fa3b 100644
+--- a/openstack_dashboard/dashboards/identity/users/tabs.py
++++ b/openstack_dashboard/dashboards/identity/users/tabs.py
+@@ -90,6 +90,10 @@
+     template_name = "horizon/common/_detail_table.html"
+     preload = False
+ 
++    def allowed(self, request):
++        return policy.check((("identity", "identity:list_role_assignments"),),
++                            self.request)
++
+     def get_roleassignmentstable_data(self):
+         user = self.tab_group.kwargs['user']
+ 
+@@ -136,6 +140,10 @@
+     template_name = "horizon/common/_detail_table.html"
+     preload = False
+ 
++    def allowed(self, request):
++        return policy.check((("identity", "identity:list_groups"),),
++                            self.request)
++
+     def get_groupstable_data(self):
+         user_groups = []
+         user = self.tab_group.kwargs['user']
diff -Nru horizon-18.6.2/debian/patches/series horizon-18.6.2/debian/patches/series
--- horizon-18.6.2/debian/patches/series	2021-06-29 14:53:41.000000000 +0200
+++ horizon-18.6.2/debian/patches/series	2021-07-14 11:19:22.000000000 +0200
@@ -1,2 +1,4 @@
 fixed-horizon-MANIFEST.in.patch
 fix-manage.py-sheebang.patch
+Dont_load_user_role_assignment_or_groups_tabs_for_non-admins.patch
+do-not-create-volume-by-default-when-launching-instance.patch

--- End Message ---
--- Begin Message --- 
Unblocked.

--- End Message ---
Reply to: