Fixing bug in LDAP reconcile loop #13342
Conversation
john-westcott-iv
force-pushed
the
reconcile_fix
branch
2 times, most recently
from
3d29d00
to
df94658
Compare
| continue | ||
| if role_name not in roles: | ||
| roles.append(role_name) | ||
| model_roles = Team.objects.filter(name__in=team_names).values_list('name', 'organization__name', *roles, named=True) |
There was a problem hiding this comment.
Now this query performs the same filter as before, but it returns more values so that you capture the organization name... (continuing walk-through)
| if object_type == 'organization': | ||
| desired_state = desired_states.get(row.name, {}) | ||
| else: | ||
| desired_state = desired_states.get(row.organization__name, {}).get(row.name, {}) |
There was a problem hiding this comment.
Here, we have the possibility that the team in question is unwanted, because it has the same name as a team listed in the configuration, but it's in another organization. In that event, desired_states should be lacking either the team's org name key or the team name key, and this should return {}
| # The mapping was not defined for this [org/team]/role so we can just pass | ||
| pass | ||
| continue |
There was a problem hiding this comment.
And here, where we have an unwanted "extra" team returned by the query, we hit the continue because it was not in the configuration (the desired_states). We don't remove or add the user, and that fixes the bug.
john-westcott-iv
force-pushed
the
reconcile_fix
branch
from
df94658
to
d85bfa3
Compare
|
We should def add test coverage for this function. |
john-westcott-iv
force-pushed
the
reconcile_fix
branch
from
d85bfa3
to
7e40a4d
Compare
…nsible#6265) Fixing bug in LDAP reconcile loop
SUMMARY
The LDAP reconcile loop did not account for the same team name in multiple organizations. It would add or remove the user from any team by a name (which is not unique). This change now forces the reconcile loop to consider the team along with the organization.
ISSUE TYPE
COMPONENT NAME
AWX VERSION
ADDITIONAL INFORMATION