Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use config.load_defaults for rails 7 with overrides #23176

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

jrafanie
Copy link
Member

@jrafanie jrafanie commented Sep 5, 2024

As far as I can see, belongs_to_required_by_default, is the only override in load_defaults that we manually override. See:
https://github.com/rails/rails/blob/d437ae311f1b9dc40b442e40eb602e020cec4e49/railties/lib/rails/application/configuration.rb#L92

This change makes the override explicit.

Fixes #23172

@jrafanie
Copy link
Member Author

jrafanie commented Sep 5, 2024

@miq-bot cross-repo-tests /all

miq-bot pushed a commit to ManageIQ/manageiq-cross_repo-tests that referenced this pull request Sep 5, 2024
miq-bot pushed a commit to ManageIQ/manageiq-cross_repo-tests that referenced this pull request Sep 5, 2024
@jrafanie
Copy link
Member Author

jrafanie commented Sep 5, 2024

I'm looking at cross repo failures

manageiq-content
    1) Quota Validation VmReconfig quota request removes a disk 
       Failure/Error:
         MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                 "class=QuotaMethods&instance=requested&#{attrs.join('&')}", @user)
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/requested_spec.rb:6:in `run_automate_method'
       # ./spec/automation/unit/method_validation/requested_spec.rb:265:in `block (3 levels) in <top (required)>'
  
    2) Quota Validation VmReconfig quota request no change
       Failure/Error:
         MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                 "class=QuotaMethods&instance=requested&#{attrs.join('&')}", @user)
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/requested_spec.rb:6:in `run_automate_method'
       # ./spec/automation/unit/method_validation/requested_spec.rb:289:in `block (3 levels) in <top (required)>'
  
    3) Quota Validation VmReconfig quota request minus 1 cpu and minus 2048 memory
       Failure/Error:
         MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                 "class=QuotaMethods&instance=requested&#{attrs.join('&')}", @user)
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/requested_spec.rb:6:in `run_automate_method'
       # ./spec/automation/unit/method_validation/requested_spec.rb:281:in `block (3 levels) in <top (required)>'
  
    4) Quota Validation VmReconfig quota request resize 10 to 20 megabyte disk, difference is 10
       Failure/Error:
         MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                 "class=QuotaMethods&instance=requested&#{attrs.join('&')}", @user)
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/requested_spec.rb:6:in `run_automate_method'
       # ./spec/automation/unit/method_validation/requested_spec.rb:249:in `block (3 levels) in <top (required)>'
  
    5) Quota Validation VmReconfig quota request add 2 cpus and add 4096 memory 
       Failure/Error:
         MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                 "class=QuotaMethods&instance=requested&#{attrs.join('&')}", @user)
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/requested_spec.rb:6:in `run_automate_method'
       # ./spec/automation/unit/method_validation/requested_spec.rb:240:in `block (3 levels) in <top (required)>'
  
    6) Auto Approval Request Validation exceed memory
       Failure/Error: let(:ws) { MiqAeEngine.instantiate("/System/Request/Call_Method?#{method}&#{args}&#{@value}", @user) }
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/validate_request_spec.rb:3:in `block (2 levels) in <top (required)>'
       # ./spec/automation/unit/method_validation/validate_request_spec.rb:29:in `block (2 levels) in <top (required)>'
  
    7) Quota Validation Provisioning failure warn memory behaves like check_quota for Provisioning check
       Failure/Error:
         MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                 "class=QuotaMethods&instance=validate_quota&#{attrs.join('&')}", @user)
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       Shared Example Group: "check_quota for Provisioning" called from ./spec/automation/unit/method_validation/validate_quota_spec.rb:101
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/validate_quota_spec.rb:13:in `run_automate_method'
       # ./spec/automation/unit/method_validation/validate_quota_spec.rb:36:in `block (4 levels) in <top (required)>'
  
    8) Quota Validation Provisioning failure max memory behaves like check_quota for Provisioning check
       Failure/Error:
         MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                 "class=QuotaMethods&instance=validate_quota&#{attrs.join('&')}", @user)
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       Shared Example Group: "check_quota for Provisioning" called from ./spec/automation/unit/method_validation/validate_quota_spec.rb:59
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/validate_quota_spec.rb:13:in `run_automate_method'
       # ./spec/automation/unit/method_validation/validate_quota_spec.rb:36:in `block (4 levels) in <top (required)>'
  
    9) Quota Validation Provisioning failure max storage behaves like check_quota for Provisioning check
       Failure/Error:
         MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                 "class=QuotaMethods&instance=validate_quota&#{attrs.join('&')}", @user)
  
       MiqAeException::UnknownMethodRc:
         Method exited with rc=Unknown RC: [1]
       Shared Example Group: "check_quota for Provisioning" called from ./spec/automation/unit/method_validation/validate_quota_spec.rb:69
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
       # ./spec/automation/unit/method_validation/validate_quota_spec.rb:13:in `run_automate_method'
       # ./spec/automation/unit/method_validation/validate_quota_spec.rb:36:in `block (4 levels) in <top (required)>'
  
    10) Quota Validation Provisioning failure warn storage behaves like check_quota for Provisioning check
        Failure/Error:
          MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                  "class=QuotaMethods&instance=validate_quota&#{attrs.join('&')}", @user)
  
        MiqAeException::UnknownMethodRc:
          Method exited with rc=Unknown RC: [1]
        Shared Example Group: "check_quota for Provisioning" called from ./spec/automation/unit/method_validation/validate_quota_spec.rb:137
        # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
        # ./spec/automation/unit/method_validation/validate_quota_spec.rb:13:in `run_automate_method'
        # ./spec/automation/unit/method_validation/validate_quota_spec.rb:36:in `block (4 levels) in <top (required)>'
  
    11) Quota Validation Reconfigure  failure max memory behaves like check_quota for Reconfigure check
        Failure/Error:
          MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                  "class=QuotaMethods&instance=validate_quota&#{attrs.join('&')}", @user)
  
        MiqAeException::UnknownMethodRc:
          Method exited with rc=Unknown RC: [1]
        Shared Example Group: "check_quota for Reconfigure" called from ./spec/automation/unit/method_validation/validate_quota_spec.rb:199
        # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
        # ./spec/automation/unit/method_validation/validate_quota_spec.rb:13:in `run_automate_method'
        # ./spec/automation/unit/method_validation/validate_quota_spec.rb:156:in `block (4 levels) in <top (required)>'
  
    12) Quota Validation Reconfigure  failure max storage behaves like check_quota for Reconfigure check
        Failure/Error:
          MiqAeEngine.instantiate("/ManageIQ/system/request/Call_Instance?namespace=System/CommonMethods&" \
                                  "class=QuotaMethods&instance=validate_quota&#{attrs.join('&')}", @user)
  
        MiqAeException::UnknownMethodRc:
          Method exited with rc=Unknown RC: [1]
        Shared Example Group: "check_quota for Reconfigure" called from ./spec/automation/unit/method_validation/validate_quota_spec.rb:211
        # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/user.rb:383:in `with_user'
        # ./spec/automation/unit/method_validation/validate_quota_spec.rb:13:in `run_automate_method'
        # ./spec/automation/unit/method_validation/validate_quota_spec.rb:156:in `block (4 levels) in <top (required)>'
  
    13) ManageIQ::Automate::System::CommonMethods::QuotaMethods::Used returns ok for user counts behaves like used check
        Failure/Error: described_class.new(ae_service).main
  
        TypeError:
          no implicit conversion of Symbol into Integer
        Shared Example Group: "used" called from ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:59
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `to_s'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `used'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:18:in `main'
        # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:41:in `block (3 levels) in <top (required)>'
  
    14) ManageIQ::Automate::System::CommonMethods::QuotaMethods::Used Owner email Owner email only returns ok  behaves like used user quota check
        Failure/Error: described_class.new(ae_service).main
  
        TypeError:
          no implicit conversion of Symbol into Integer
        Shared Example Group: "used user quota" called from ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:96
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `to_s'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `used'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:18:in `main'
        # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:83:in `block (4 levels) in <top (required)>'
  
    15) ManageIQ::Automate::System::CommonMethods::QuotaMethods::Used Owner email Requester email only returns ok  behaves like used user quota check
        Failure/Error: described_class.new(ae_service).main
  
        TypeError:
          no implicit conversion of Symbol into Integer
        Shared Example Group: "used user quota" called from ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:89
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `to_s'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `used'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:18:in `main'
        # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:83:in `block (4 levels) in <top (required)>'
  
    16) ManageIQ::Automate::System::CommonMethods::QuotaMethods::Used Owner email Requester and Owner email returns ok  behaves like used user quota check
        Failure/Error: described_class.new(ae_service).main
  
        TypeError:
          no implicit conversion of Symbol into Integer
        Shared Example Group: "used user quota" called from ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:102
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `to_s'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `used'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:18:in `main'
        # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:83:in `block (4 levels) in <top (required)>'
  
    17) ManageIQ::Automate::System::CommonMethods::QuotaMethods::Used returns error  when no quota source type
        Failure/Error: expect { described_class.new(ae_service).main }.to raise_error(errormsg)
  
          expected Exception with "ERROR - quota_source_type not found", got #<TypeError: no implicit conversion of Symbol into Integer> with backtrace:
            # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `to_s'
            # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `used'
            # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:18:in `main'
            # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:124:in `block (4 levels) in <top (required)>'
            # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:124:in `block (3 levels) in <top (required)>'
        # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:124:in `block (3 levels) in <top (required)>'
  
    18) ManageIQ::Automate::System::CommonMethods::QuotaMethods::Used returns error  when no owner or requester email
        Failure/Error: expect { described_class.new(ae_service).main }.to raise_error(errormsg)
  
          expected Exception with "ERROR - Owner email not specified for User Quota", got #<TypeError: no implicit conversion of Symbol into Integer> with backtrace:
            # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `to_s'
            # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `used'
            # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:18:in `main'
            # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:114:in `block (4 levels) in <top (required)>'
            # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:114:in `block (3 levels) in <top (required)>'
        # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:114:in `block (3 levels) in <top (required)>'
  
    19) ManageIQ::Automate::System::CommonMethods::QuotaMethods::Used returns ok for tenant counts behaves like used check
        Failure/Error: described_class.new(ae_service).main
  
        TypeError:
          no implicit conversion of Symbol into Integer
        Shared Example Group: "used" called from ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:51
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `to_s'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `used'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:18:in `main'
        # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:41:in `block (3 levels) in <top (required)>'
  
    20) ManageIQ::Automate::System::CommonMethods::QuotaMethods::Used returns ok for group counts behaves like used check
        Failure/Error: described_class.new(ae_service).main
  
        TypeError:
          no implicit conversion of Symbol into Integer
        Shared Example Group: "used" called from ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:67
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `to_s'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:25:in `used'
        # ./content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used.rb:18:in `main'
        # ./spec/content/automate/ManageIQ/System/CommonMethods/QuotaMethods.class/__methods__/used_spec.rb:41:in `block (3 levels) in <top (required)>'
manageiq-providers-amazon
    1) ManageIQ::Providers::Amazon::StorageManager::S3::Refresher destructive operations (objects) remove object (process)
       Failure/Error: if key.end_with? "/" # delete object with subobjects (aka. folder)
  
       NoMethodError:
         undefined method `end_with?' for nil:NilClass
       # ./app/models/manageiq/providers/amazon/storage_manager/s3/cloud_object_store_object.rb:19:in `raw_delete'
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/cloud_object_store_object/operations.rb:5:in `cloud_object_store_object_delete'
       # ./spec/models/manageiq/providers/amazon/storage_manager/s3/stubbed_refresher_spec.rb:229:in `block (5 levels) in <top (required)>'
       # ./spec/models/manageiq/providers/amazon/storage_manager/s3/stubbed_refresher_spec.rb:229:in `block (4 levels) in <top (required)>'
       # ./spec/models/manageiq/providers/amazon/aws_helper.rb:11:in `with_aws_stubbed'
       # ./spec/models/manageiq/providers/amazon/storage_manager/s3/stubbed_refresher_spec.rb:227:in `block (3 levels) in <top (required)>'
  
    2) ManageIQ::Providers::Amazon::StorageManager::S3::Refresher destructive operations (objects) object delete triggers remote deletion
       Failure/Error: if key.end_with? "/" # delete object with subobjects (aka. folder)
  
       NoMethodError:
         undefined method `end_with?' for nil:NilClass
       # ./app/models/manageiq/providers/amazon/storage_manager/s3/cloud_object_store_object.rb:19:in `raw_delete'
       # /home/runner/work/manageiq-cross_repo-tests/manageiq-cross_repo-tests/repos/ManageIQ/manageiq@cbda86404ed4f777beef430ef939df36ce8d6de5/app/models/cloud_object_store_object/operations.rb:5:in `cloud_object_store_object_delete'
       # ./spec/models/manageiq/providers/amazon/storage_manager/s3/stubbed_refresher_spec.rb:216:in `block (4 levels) in <top (required)>'
       # ./spec/models/manageiq/providers/amazon/aws_helper.rb:11:in `with_aws_stubbed'
       # ./spec/models/manageiq/providers/amazon/storage_manager/s3/stubbed_refresher_spec.rb:215:in `block (3 levels) in <top (required)>'
  
    3) ManageIQ::Providers::Amazon::StorageManager::S3::Refresher destructive operations (objects) objects's provider_object is of expected type
       Failure/Error: cloud_object_store_container.provider_object(connection).object(key)
  
       ArgumentError:
         missing required option :key
       # ./app/models/manageiq/providers/amazon/storage_manager/s3/cloud_object_store_object.rb:15:in `provider_object'
       # ./spec/models/manageiq/providers/amazon/storage_manager/s3/stubbed_refresher_spec.rb:205:in `block (4 levels) in <top (required)>'
       # ./spec/models/manageiq/providers/amazon/aws_helper.rb:11:in `with_aws_stubbed'
       # ./spec/models/manageiq/providers/amazon/storage_manager/s3/stubbed_refresher_spec.rb:204:in `block (3 levels) in <top (required)>'

Seems to be caused by active_record.partial_inserts = false

manageiq-ui-classic
    1) SecurityGroupHelper::TextualSummary.textual_group_firewall returns TextualTable struct with list of of firewall rules
       Failure/Error: rule.port_range.to_s(:dash)
  
       ArgumentError:
         wrong number of arguments (given 1, expected 0)
       # ./app/helpers/security_group_helper/textual_summary.rb:105:in `to_s'
       # ./app/helpers/security_group_helper/textual_summary.rb:105:in `port_range_helper'
       # ./app/helpers/security_group_helper/textual_summary.rb:44:in `block in textual_group_firewall'
       # ./app/helpers/security_group_helper/textual_summary.rb:39:in `collect'
       # ./app/helpers/security_group_helper/textual_summary.rb:39:in `textual_group_firewall'
       # ./spec/helpers/security_group_helper/textual_summary_spec.rb:7:in `block (3 levels) in <top (required)>'
       # ./spec/helpers/security_group_helper/textual_summary_spec.rb:14:in `block (3 levels) in <top (required)>'

@jrafanie
Copy link
Member Author

jrafanie commented Sep 5, 2024

I'm testing this using this in my config/application.rb.

click me config.load_defaults 6.1 #1 config.action_dispatch.default_headers = { "X-Frame-Options" => "SAMEORIGIN", "X-XSS-Protection" => "0", "X-Content-Type-Options" => "nosniff", "X-Download-Options" => "noopen", "X-Permitted-Cross-Domain-Policies" => "none", "Referrer-Policy" => "strict-origin-when-cross-origin" } # 2 # config.action_dispatch.return_only_request_media_type_on_content_type = true config.action_dispatch.return_only_request_media_type_on_content_type = false # 3 # config.action_dispatch.cookies_serializer = nil config.action_dispatch.cookies_serializer = :json # 4 # config.action_view.button_to_generates_button_tag = nil config.action_view.button_to_generates_button_tag = true # 5 # config.action_view.apply_stylesheet_media_default = true config.action_view.apply_stylesheet_media_default = false # 6 # config.active_support.hash_digest_class = OpenSSL::Digest::SHA1 config.active_support.hash_digest_class = OpenSSL::Digest::SHA256 # 7 # config.active_support.key_generator_hash_digest_class = nil config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256 # 8 # config.active_support.remove_deprecated_time_with_zone_name = nil config.active_support.remove_deprecated_time_with_zone_name = true # 9 # config.active_support.cache_format_version = nil config.active_support.cache_format_version = 7.0 # 10 # config.active_support.use_rfc4122_namespaced_uuids = nil config.active_support.use_rfc4122_namespaced_uuids = true # 11 # config.active_support.executor_around_test_case = nil config.active_support.executor_around_test_case = true # 12 # config.active_support.disable_to_s_conversion = false config.active_support.disable_to_s_conversion = true # 13 # config.action_mailer.smtp_timeout = nil config.action_mailer.smtp_timeout = 5 # 14 # config.active_record.verify_foreign_keys_for_fixtures = nil config.active_record.verify_foreign_keys_for_fixtures = true # 15 # config.active_record.partial_inserts = nil config.active_record.partial_inserts = false # 16 # config.active_record.automatic_scope_inversing = nil config.active_record.automatic_scope_inversing = true # 17 # config.action_controller.raise_on_open_redirects = false config.action_controller.raise_on_open_redirects = true # 18 # config.action_controller.wrap_parameters_by_default = false config.action_controller.wrap_parameters_by_default = true

That's from here. Only active storage is unconfigured so no need to test.

@jrafanie jrafanie force-pushed the use_rails_7_load_defaults branch 2 times, most recently from 1d788ba to 8a87f56 Compare September 6, 2024 13:55

# Disable this setting as it causes MiqRegion.seed to fail validation on belongs_to maintenance zone.
# TODO: We should fix this so we don't need to carry this override.
config.active_record.belongs_to_required_by_default = false
Copy link
Member Author

@jrafanie jrafanie Sep 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Below are the value before and value with rails 7 default

Overrides(seen above):

# Log the deprecations so we can fix them.
config.active_support.remove_deprecated_time_with_zone_name = true
config.active_support.disable_to_s_conversion = true

# Causes test failures in content, amazon provider, and ui-classic without it
config.active_record.partial_inserts = false

# X-XSS-Protection is overridden from the rails 7 default back to "1; mode=block"
# Rails 7:
    config.action_dispatch.default_headers = {
              "X-Frame-Options" => "SAMEORIGIN",
              "X-XSS-Protection" => "0",
              "X-Content-Type-Options" => "nosniff",
              "X-Download-Options" => "noopen",
              "X-Permitted-Cross-Domain-Policies" => "none",
              "Referrer-Policy" => "strict-origin-when-cross-origin"
            }
# Previously:
    config.action_dispatch.default_headers = {
              "X-Frame-Options" => "SAMEORIGIN",
              "X-XSS-Protection" => "1; mode=block"
              "X-Content-Type-Options" => "nosniff",
              "X-Download-Options" => "noopen",
              "X-Permitted-Cross-Domain-Policies" => "none",
              "Referrer-Policy" => "strict-origin-when-cross-origin"
            }

Using default value from rails 7

Note, prior values were either nil or false.

config.action_dispatch.return_only_request_media_type_on_content_type = false
config.action_dispatch.cookies_serializer = :json
config.action_view.button_to_generates_button_tag = true
config.action_view.apply_stylesheet_media_default = false
config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256
config.active_support.cache_format_version = 7.0
config.active_support.use_rfc4122_namespaced_uuids = true
config.active_support.executor_around_test_case = true
config.action_mailer.smtp_timeout = 5
config.active_record.verify_foreign_keys_for_fixtures = true
config.active_record.automatic_scope_inversing = true
config.action_controller.raise_on_open_redirects = true
config.action_controller.wrap_parameters_by_default = true

# Using default value from rails 7.  Was previously: OpenSSL::Digest::SHA1
config.active_support.hash_digest_class = OpenSSL::Digest::SHA256

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Fryguy @kbrock do any of the "Using default value from rails 7" section above concern you? They were either nil/false previously or as provided above. Overrides section above describes the overrides we have in the application.rb so we can try to resolve them in the future.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI - cross repo is green but I wanted to review the changes I found between current and going to rails 7 defaults.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll have to go through them, because I don't really understand each of them.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI, here's the git blame for 7.0 defaults. Note, I've already reviewed the overrides seen above. I think the others we're accepting the rails 7 defaults should either be covered by tests or something we'll find out when others start playing with it. The OpenSSL changes may not be tested in our tests that well so it's on the list of more concerning.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Funny enough, there was an issue where someone was pointing out how these defaults are not universally documented. https://www.github.com/rails/rails/issues/50238

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to just spit out the configuration? (Like a rails CLI command or something?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to just spit out the configuration? (Like a rails CLI command or something?)

Wouldn't that be great? I couldn't find a way. I was walking the configuration and trying to print it and it was a mess. A git diff of the configuration would be great.

For now, I think we run the rake task to update our configuration each time we try to do upgrades and check the new defaults. I think it won't impose new defaults on existing apps so you'd have to bring in new configuration changes and then review the new defaults to determine which you want to accept or reject.

I think we can accept several of these and make plans to fix the rest. I think the X-XSS-Protection has been proven to be unusable so we can probably just drop that unless we know why we need to keep it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

config.action_controller.raise_on_open_redirects = true... sounds like a good change to raise if redirect to is called on untrusted URL

Fun. Redirecting to untrusted URLs was specifically highlighted in a security course I just took.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going to test with x-xss-protection disabled. It sounds like that is the way going forward for secure headers, rails and even browsers not supporting it.

See: https://www.github.com/github/secure_headers/issues/439

@jrafanie jrafanie changed the title Use config.load_defaults for rails 7 with 1 override Use config.load_defaults for rails 7 with overrides Sep 6, 2024
@jrafanie jrafanie force-pushed the use_rails_7_load_defaults branch from 8a87f56 to a6aa43c Compare September 12, 2024 17:13
Copy link
Member

@kbrock kbrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good.

I do wonder if we want to fix the failures when partial_inserts = false. Having said that, I believe this should be set to true, like you do in this PR, so maybe that is just academic.

I do like the trivial fixes from the rubocops/bot.

config.active_support.disable_to_s_conversion = false

# TODO: If disabled, causes cross repo test failures in content, ui-classic and amazon provider
config.active_record.partial_inserts = true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm guessing this will not bother inserting default values.
This makes me concerned.

Wonder if defaults setup in attribute or default_value_for confuse our implementation.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, I haven't dug into it but did read that defaults are the area that can be broken by this. I would assume our defaulting mechanisms could be adjusted to make the tests and code pass with this disabled.

@jrafanie
Copy link
Member Author

jrafanie commented Sep 19, 2024

config.action_dispatch.return_only_request_media_type_on_content_type = false

https://www.github.com/rails/rails/pull/36946
https://www.github.com/rails-api/active_model_serializers/pull/2340
"Rails 6 changes the default behavior of ActionDispatch::Response#content_type, which now returns the Content-Type header as it is."

config.action_dispatch.cookies_serializer = :json
Previously was marshal if you didn't specify it in a serializer. I think this should be ok.
https://www.github.com/rails/rails/pull/42538
https://www.github.com/rails/rails/pull/45172

config.action_view.button_to_generates_button_tag = true
determines whether button_to will render <button> element, regardless of whether or not the content is passed as the first argument or as a block.
https://www.github.com/rails/rails/pull/41055

https://github.com/rails/rails/blob/d437ae311f1b9dc40b442e40eb602e020cec4e49/railties/lib/rails/application/configuration.rb#L92
* belongs_to_required_by_default must be overridden or seeding fails
* Partial inserts cause test failures in ui-classic, content, and amazon provider
* Need to investigate the X-XSS-Protection change before using default of disabling it
* Allow deprecations to be found and fixed

Fixes ManageIQ#23172
Both rails and secure header are now shipping with 0 by default.

See: https://www.github.com/github/secure_headers/issues/439
@jrafanie jrafanie force-pushed the use_rails_7_load_defaults branch from a6aa43c to a393d4a Compare September 20, 2024 15:08
@miq-bot
Copy link
Member

miq-bot commented Sep 20, 2024

Checked commits jrafanie/manageiq@f7395d4~...a393d4a with ruby 3.1.5, rubocop 1.56.3, haml-lint 0.51.0, and yamllint
2 files checked, 2 offenses detected

config/application.rb

config/initializers/secure_headers.rb

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Enable config.load_defaults in rails application.rb and determine which defaults we need to modify
4 participants