[Petrosian] Mask request logs for end user

[rabah-beldi]

Hello,

I have just migrated from the Oparin version to Petrosian and I notice that the logs of a request are displayed at the level of services > requests, which is problematic as our end users will be able to access confidential information such as passwords, etc. Is there a way to hide the "Request logs" section for users? I cannot prohibit access to requests, otherwise they won't be able to use the copy button.

Thank you in advance for your help.

[jrafanie]

@rabah-beldi checkout ManageIQ/manageiq-ui-classic#8920 and the related issue: ManageIQ/manageiq-ui-classic#8772

cc @DavidResende0

[rabah-beldi]

@jrafanie great! Many thanks

[rabah-beldi]

Hello, I've made modifications to the files, and after restarting the EVM server, I can see logs appearing in the role configurations. However, it doesn't seem to be working; users still have access to the logs. Is there anything else I need to do to make it work? Perhaps updating the database? Thanks in advance for your assistance

[jrafanie]

Hi @rabah-beldi, if you applied both ManageIQ/manageiq-ui-classic#8920 and #22701, did you create a user without that permission, miq_request_show_logs "logs/(Display Request Logs)? If you didn't apply the 22701 PR and restart the server, you wouldn't see that new permission. If you see it and you created a user, make sure you give them permission to the sibling permissions like this:

If you give full permission to the "View" permission (the parent node to "logs"), all nodes below it are inherited, so by default all users will get this permissions if they can see requests. You'd have to manually select "list" and "show" but leave "logs" unchecked.

If you did all that, perhaps you need to recompile your assets if you're running in production mode. Are you on appliances? If you are, please test this in a test environment.

Make sure you have node installed, you can then update the UI code, including compiling the changed asset by running bundle exec rake update:ui from vmdb directory.

@DavidResende0 does that sound correct?

[rabah-beldi]

Yes ! I applied both ManageIQ/manageiq-ui-classic#8920 and #22701.
Before:

After:

But users still have access to request logs.
I've tried compliling with the "bundle exec rake update:ui" command and I get the following error, it's stuck.

bundle exec rake update:ui
== ManageIQ::Providers::CiscoIntersight::Engine ==
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed
➤ YN0000: Done in 0s 133ms
== ManageIQ::Providers::IbmCloud::Engine ==
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed
➤ YN0000: Done in 0s 84ms
== ManageIQ::Providers::IbmPowerVc::Engine ==
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed
➤ YN0000: Done in 0s 129ms
== ManageIQ::Providers::Lenovo::Engine ==
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed
➤ YN0000: Done in 0s 100ms
== ManageIQ::Providers::Nsxt::Engine ==
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0013: │ babel-plugin-add-module-exports@npm:0.2.1 can't be found in the cache and will be fetched from the remote registry
➤ YN0013: │ babel-plugin-check-es2015-constants@npm:6.22.0 can't be found in the cache and will be fetched from the remote registry
➤ YN0013: │ babel-plugin-syntax-async-functions@npm:6.13.0 can't be found in the cache and will be fetched from the remote registry
➤ YN0013: │ babel-plugin-syntax-async-generators@npm:6.13.0 can't be found in the cache and will be fetched from the remote registry
➤ YN0013: │ babel-plugin-syntax-class-constructor-call@npm:6.18.0 can't be found in the cache and will be fetched from the remote registry
➤ YN0000: ⠹ --------------------------------------------------------------------------------

yarn version
yarn version v1.22.19
error Couldn't find a package.json file in "/var/www/miq/vmdb"
info Visit https://yarnpkg.com/en/docs/cli/version for documentation about this command.

node
Welcome to Node.js v12.20.1.
Type ".help" for more information.

[jrafanie]

@DavidResende0 @jeffibm @Fryguy do you know what version of node is ok on petrosian? Maybe my instructions are incorrect? I see it's node 12. I didn't want to sugget bin/update from vmdb to avoid changing gem versions since it's only the UI haml change we need to compile. It's either the haml change wasn't applied correctly or it needs to be compiled and wasn't. Is there something else to try?

[DavidResende0]

@jeffibm can you confirm but I think petrosian uses node v18 (ManageIQ/manageiq-ui-classic@4deec06)

[jeffibm]

petrosian uses node 18
PR - https://github.com/ManageIQ/manageiq-ui-classic/pull/8689/files

[Fryguy]

I'm not sure why Node 12 is appearing there because we don't ship node or yarn at all on the production appliances. It's not possible to "build" the UI in those appliances.

[Fryguy]

That being said, do haml changes require recompilation? I didn't think they did because they are server side, but perhaps I'm mistaken.

[rabah-beldi]

I haven't yet upgraded the production environment; this pertains to the non-production environment. I performed the upgrade in the conventional manner, from the Oparin version to Petrosian. Are there any specific steps for this upgrade? Do you have a procedure to share with me? Thanks in advance

[jrafanie]

There were a discussion around the ruby 3/pg 13 upgrade in oparin/petrosian you can try https://github.com/orgs/ManageIQ/discussions/22295 and also https://github.com/orgs/ManageIQ/discussions/22745

If you're already using postgresql 13, ruby 3, you can skip the parts about them.