Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWX 24.3.1 | Add team permission #15185

Open
6 of 11 tasks
moreirodamian opened this issue May 14, 2024 · 2 comments
Open
6 of 11 tasks

AWX 24.3.1 | Add team permission #15185

moreirodamian opened this issue May 14, 2024 · 2 comments
Assignees
@AlanCoding
Labels
community component:api component:ui type:bug

Comments

@moreirodamian
Copy link

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that AWX is open source software provided for free and that I might not receive a timely response.
  • I am NOT reporting a (potential) security vulnerability. (These should be emailed to security@ansible.com instead.)

Bug Summary

"I updated to the latest version of AWX, everything works perfectly except for the permission update for a team.

When I try to add new permissions to a team, I get the following error:

`
POST api/v2/teams/3/roles/ 400
duplicate key value violates unique constraint "one_entry_per_object_permission_and_role" DETAIL: Key (object_id, content_type_id, codename, role_id)=(37, 6, view_workflowjobtemplate, 65) already exists.

`
I've already tried deleting all permissions and reassigning them, but I still have the same problem."

AWX version

24.3.1

Select the relevant components

  • UI
  • UI (tech preview)
  • API
  • Docs
  • Collection
  • CLI
  • Other

Installation method

kubernetes

Modifications

no

Ansible version

No response

Operating system

No response

Web browser

No response

Steps to reproduce

"I had a clean installation on version 24, in which I created templates, teams, assigned permissions, and more.

Then I gradually updated until reaching the latest version. Everything works perfectly except for updating permissions for a team."

Expected results

Being able to update permissions correctly.

Actual results

Unable to assign new permissions.

Additional information

No response
@AlanCoding
Copy link
Member

A similar issue was fixed in ansible/django-ansible-base#281, but this looks like it is hitting a constraint error in a different table.

Was this done by the UI? Where there other concurrent requests happening when this request gave the 400 error?

@AlanCoding AlanCoding mentioned this issue May 20, 2024
Merged
@AlanCoding
Copy link
Member

I put up a candidate fix at ansible/django-ansible-base#401.

AlanCoding added a commit to ansible/django-ansible-base that referenced this issue May 24, 2024
@AlanCoding
Fix IntegrityError when giving overlapping team permissions (#401)
0395baa 
We hit another version of
#281 from out in the
wild.

The report of this is ansible/awx#15185, and
although it is short on specific of what went on, with some speculation
I was able to mostly logically brute-force out the probable cause. The
imagined reproducer:

- In the "old" AWX UI, go to give a team permission to 2 different roles
to the same thing, like inventory update and adhoc roles.
 - It is assumed that this team has members already.
 - Submit the requests to assign those permissions concurrently.

This fixes that issue by ignoring conflicts on bulk creation of role evaluations.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlanCoding AlanCoding

Labels
community component:api component:ui type:bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AlanCoding @moreirodamian @TheRealHaoLiu