Permission error on relaunch job_templates with Execute permissions

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.

Other

14.01k stars 3.42k forks source link

Permission error on relaunch job_templates with Execute permissions #3819

Open tota45 opened 5 years ago

tota45 commented 5 years ago

ISSUE TYPE

Bug Report

SUMMARY

A user has Execute permission on a job_template. This user is permitted to run a job_templates. This user is not permitted to relaunch this job_templates.

ENVIRONMENT

AWX version: 3.0.1
AWX install method: docker on linux
Ansible version: 2.7.7
Operating System: centos7
Web Browser: Chrome v63.0

STEPS TO REPRODUCE

Create a user with Execute permission on a job_template. Capture3

Run a template that failed relaunch this template Capture1

a popup is displayed

EXPECTED RESULTS

The job_template is supposed to be executed

ACTUAL RESULTS

Capture2

ADDITIONAL INFORMATION

AlanCoding commented 5 years ago

Who was the original job launched by, and is that different from the user relaunching the job? What prompts were provided when originally launching? Also, https://github.com/ansible/awx/pull/3783 may have changed this.

tota45 commented 5 years ago

The user is an "ldap" user. It is the same user that launches the job then relaunch the job. I do not test yet with AWX 4.0

AlanCoding commented 5 years ago

Does the UI show that the original job was launched by this user? (API field created_by in the job entry)

If that field is wrong, then we would need to address that. It would also be helpful to know if the job template has a survey, and if so, what type of questions are used in the survey.

ghjm commented 5 years ago

@tota45 Are you still seeing this issue?

tota45 commented 5 years ago

I upgrade AWX to 6.0 and the bug has evolved. At now: 1- An 'execute permissions' user run a template that failed. This user re-run this template thanks to 'relaunch on' button => OK, no more issue 2 - An 'execute permissions' user run a workflow that failed. This user re-run the template that failed on the workflow=> KO permission popup appears

Yes the template has a survey.

wenottingham commented 5 years ago

Were survey passwords provided by a different user for that survey run?

AlanCoding commented 5 years ago

2 - An 'execute permissions' user run a workflow that failed. This user re-run the template that failed on the workflow=> KO permission popup appears

Could you give us the response text from when this error was obtained? I'm not sure where to start looking right now.

elyezer commented 5 years ago

I still see this issue, here are the steps to reproduce:

1) As the admin user create a job template that has a survey with an optional password field. Set the job template to run a playbook that will fail. 2) Create an user and set the execute permission to the previously created template. 3) As the user that has execute permission. Launch the job and it will fail. 4) Relaunch the job and select either all or failed, the relaunched job will fail. 5) Try to relaunch the failed relaunched job and the message ERROR! Job was launched with prompted fields. You do not have permission to related resources. will be presented. The user should be able to relaunch it since it was the user that launched it and also no secret field was provided on the survey.

netixx commented 3 years ago

I still see the issue as described by @elyezer with version AWX 13.0.0 (Ansible 2.9.11).