500 on actionalias help endpoint with action_alias_help permission grant #47

Open
dubi0us opened this issue Feb 8, 2021 · 2 comments
Labels
bug Something isn't working

dubi0us commented Feb 8, 2021

Calling the action alias help endpoint results in 500 when RBAC is enabled and the action_alias_help permission grant is specified in a role.

St2 version: st2 3.3.0, on Python 3.6.8

OS: CentOS Linux release 8.2.2004 (Core)

RBAC: master branch

Role: chatbot.yaml

---
    name: "chatbot"
    description: "Mr. Chatbot"
    enabled: true
    permission_grants:
        -
            resource_uid: "action:packs:show"
            permission_types:
               - "action_execute"
        -
            permission_types:
               - "action_list"
               - "rule_list"
               - "action_alias_help"

assignment: bot.yaml

---
username: "bot"
roles:
- "chatbot"

st2api.log :

2021-02-08 15:24:46,700 140311874581616 INFO logging [-] f9a6d8e1-17c6-4fcc-8615-f01b8dc204e2 - GET /v1/actionalias/help with query={'x-auth-token': '********'} (method='GET',path='/v1/actionalias/help',remote_addr='127.0.0.1',query={'x-auth-token': '********'},request_id='f9a6d8e1-17c6-4fcc-8615-f01b8dc204e2')
2021-02-08 15:24:46,714 140311874581616 ERROR router [-] Failed to call controller function "help" for operation "st2api.controllers.v1.actionalias:action_alias_controller.help": 'NoneType' object has no attribute 'name'
Traceback (most recent call last):
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/router.py", line 516, in __call__
    resp = func(**kw)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2api/controllers/v1/actionalias.py", line 105, in help
    aliases_resp = super(ActionAliasController, self)._get_all(**kwargs)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2api/controllers/resource.py", line 564, in _get_all
    requester_user=requester_user)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2api/controllers/resource.py", line 184, in _get_all
    limit = validate_limit_query_param(limit=limit, requester_user=requester_user)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2api/controllers/resource.py", line 625, in validate_limit_query_param
    user_is_admin = rbac_utils.user_is_admin(user_db=requester_user)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2_rbac_backend-3.4.dev0-py3.6.egg/st2rbac_backend/utils.py", line 194, in user_is_admin
    is_system_admin = RBACUtils.user_is_system_admin(user_db=user_db)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2_rbac_backend-3.4.dev0-py3.6.egg/st2rbac_backend/utils.py", line 214, in user_is_system_admin
    return RBACUtils.user_has_role(user_db=user_db, role=SystemRole.SYSTEM_ADMIN)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2_rbac_backend-3.4.dev0-py3.6.egg/st2rbac_backend/utils.py", line 232, in user_has_role
    user_role_dbs = rbac_service.get_roles_for_user(user_db=user_db)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2_rbac_backend-3.4.dev0-py3.6.egg/st2rbac_backend/service.py", line 87, in get_roles_for_user
    queryset = UserRoleAssignment.query(user=user_db.name)
AttributeError: 'NoneType' object has no attribute 'name'
2021-02-08 15:24:46,715 140311874581616 ERROR error_handling [-] API call failed: 'NoneType' object has no attribute 'name'
Traceback (most recent call last):
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/middleware/error_handling.py", line 49, in __call__
    return self.app(environ, start_response)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/middleware/streaming.py", line 48, in __call__
    return self.app(environ, start_response)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/router.py", line 599, in as_wsgi
    resp = self(req)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/router.py", line 524, in __call__
    raise e
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/router.py", line 516, in __call__
    resp = func(**kw)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2api/controllers/v1/actionalias.py", line 105, in help
    aliases_resp = super(ActionAliasController, self)._get_all(**kwargs)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2api/controllers/resource.py", line 564, in _get_all
    requester_user=requester_user)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2api/controllers/resource.py", line 184, in _get_all
    limit = validate_limit_query_param(limit=limit, requester_user=requester_user)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2api/controllers/resource.py", line 625, in validate_limit_query_param
    user_is_admin = rbac_utils.user_is_admin(user_db=requester_user)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2_rbac_backend-3.4.dev0-py3.6.egg/st2rbac_backend/utils.py", line 194, in user_is_admin
    is_system_admin = RBACUtils.user_is_system_admin(user_db=user_db)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2_rbac_backend-3.4.dev0-py3.6.egg/st2rbac_backend/utils.py", line 214, in user_is_system_admin
    return RBACUtils.user_has_role(user_db=user_db, role=SystemRole.SYSTEM_ADMIN)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2_rbac_backend-3.4.dev0-py3.6.egg/st2rbac_backend/utils.py", line 232, in user_has_role
    user_role_dbs = rbac_service.get_roles_for_user(user_db=user_db)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2_rbac_backend-3.4.dev0-py3.6.egg/st2rbac_backend/service.py", line 87, in get_roles_for_user
    queryset = UserRoleAssignment.query(user=user_db.name)
AttributeError: 'NoneType' object has no attribute 'name' (_exception_class='AttributeError',_exception_message="'NoneType' object has no attribute 'name'",_exception_data={})
2021-02-08 15:24:46,715 140311874581616 INFO logging [-] f9a6d8e1-17c6-4fcc-8615-f01b8dc204e2 - 500 46 15.714ms (method='GET',path='/v1/actionalias/help',remote_addr='127.0.0.1',status=500,runtime=15.714,content_length=46,request_id='f9a6d8e1-17c6-4fcc-8615-f01b8dc204e2')

Endpoint: GET /api/v1/actionalias/help (using user name / password and auth-token).

Result: 500: {'faultstring': 'Internal Server Error'}


blag commented Feb 19, 2021

I can confirm this bug when using err-stackstorm.


pamelin commented Nov 25, 2022

This seems to be still an issue with st2 3.7 and err-stackstorm and rbac enabled.

Regardless of the bot even if I hit directly

Endpoint: GET /api/v1/actionalias/help

it throws 500 (with rbac enabled, using system user)

So the issue is not with RBAC in itself but with st2api

https://github.com/StackStorm/st2/blob/master/st2api/st2api/controllers/v1/actionalias.py#L102

@arm4b arm4b added the bug Something isn't working label Nov 25, 2022
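
Added example (not code from this issue or from StackStorm): a minimal model of the call chain in the traceback, where `requester_user` reaches the RBAC helper as `None`, next to a guard that fails closed. Function names follow the traceback frames; their bodies, `ROLE_ASSIGNMENTS`, `MAX_PAGE_SIZE`, `user_is_admin_guarded` and `help_endpoint` are assumptions made for illustration.

```python
# Added example: stand-ins named after frames in the traceback above.
# Bodies, ROLE_ASSIGNMENTS and MAX_PAGE_SIZE are constructed, not st2 code.
from collections import namedtuple

UserDB = namedtuple("UserDB", "name")
ROLE_ASSIGNMENTS = {"bot": {"chatbot"}, "st2admin": {"system_admin"}}
MAX_PAGE_SIZE = 100


def get_roles_for_user(user_db):
    # Same shape as the failing frame: user_db.name with no None check.
    return ROLE_ASSIGNMENTS.get(user_db.name, set())


def user_is_admin(user_db):
    return bool({"admin", "system_admin"} & get_roles_for_user(user_db))


def user_is_admin_guarded(user_db):
    # Hypothetical guard: an unresolved requester is never an admin.
    if user_db is None:
        return False
    return user_is_admin(user_db)


def validate_limit_query_param(limit, requester_user, is_admin=user_is_admin):
    # The admin check runs on every request, as in the traceback.
    admin = is_admin(requester_user)
    if limit > MAX_PAGE_SIZE and not admin:
        raise ValueError("limit exceeds max page size for non-admin users")
    return limit


def help_endpoint(requester_user=None, limit=50, is_admin=user_is_admin):
    # Hypothetical wrapper returning the HTTP status the API would surface.
    try:
        validate_limit_query_param(limit, requester_user, is_admin)
    except ValueError:
        return 400
    except AttributeError:
        return 500  # the unhandled AttributeError logged in st2api.log
    return 200
```

With the guard, an unresolved requester gets the non-admin page-size cap instead of a 500; it is not granted the admin bypass.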