Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes to Rbac::Filterer#skip_references #17429

Merged
merged 2 commits into from
May 16, 2018
Merged

Fixes to Rbac::Filterer#skip_references #17429

merged 2 commits into from
May 16, 2018

Conversation

NickLaMuro
Copy link
Member

This is a followup to #17141 which handles a few more edge cases that were found in the specs in manageiq-ui-classic, in the spec/product/reports_spec.rb.

This addresses two edge cases:

ActiveRecord::NullRelation scopes

When a .none is applied to the targets, which under the hood changes the ActiveRecord::Relation to a ActiveRecord::NullRelation. This causes .to_sql method to change so that it always returns a empty string, which will break the EXPLAIN in Rbac::Filterer#include_references.

The fix here was to just update #skip_references to do some slight introspection into the scope to determine if the .none had been applied, and to always return false on the #skip_references call in the case.

Partially SQL supported MiqExpression

Turns out that MiqExpression objects have partial support for :supported_by_sql, even though the boolean makes it seem like it is yes or no. This means that if you use an "AND" filters with a SQL supported operator like "=" and a none SQL supported operator like "FIND", the exp_sql and exp_includes returned from MiqExpression#to_sql can be non-nil even if options returned is {:supported_by_sql => false}.

This change does a simple check against the exp_sql and exp_includes if {:supported_by_sql => false} to confirm at least the exp_sql is false, and if it isn't, that at least their isn't any includes being added by the MiqExpression. This is a bit of a shortcut, but we probably can safely assume that the MiqExpression would add it's own includes if the exp_sql needed to reference another table, and doing this avoids having to analyze the exp_sql against the main scope to determine that ourselves.

Links

@NickLaMuro
Handle NullRelation scopes for #skip_references
3baa716 
There are some very infrequent edge cases where `targets` passed into
Rbac is a `scope.none`, which is a extended version of
`ActiveRecord::Relation` with the `ActiveRecord::NullRelation` module
extended on top of it.  Part of that module changes `to_sql` to always
return `""` instead of the query it would execute (why this is the case
is beyond me...).  This, as a result, causes an invalid `EXPLAIN` query
to be fired if the include_references is going to be up for skipping.

To avoid this, check if the scope has inherited the `NullRelation`
module, and if it has, don't try to skip and hit the `EXPLAIN`.
@NickLaMuro
Handle MIQExps with partial SQL support in Rbac#skip_references
bb2ab39 
MiqExpression has the functionality to split it's filters into SQL based
and non-SQL based when determining if it is `:supported_by_sql`.

For example, if you have an "AND" expression that filters on both a
column value using "=" and a "FIND" search in the MiqExpression, the
"FIND" will not be filterable via SQL, but the "=" clause will (based on
the column being sorted of course.

This means that `MiqExpression#to_sql` could return something like this:

    ["hosts.name = 'foo'", {:host => {}}, {:supported_by_sql => false}]

Where "hosts.name" would normally be a referenced table/column.

* * *

This change basically updates the check for skip_references so that is
also checks to see if the "exp_sql" is empty, or at least the
"exp_includes" isn't adding anything to the references.  This should
avoid most cases where we would see the EXPLAIN get triggered and fail.
@NickLaMuro
Copy link
Member Author

@miq-bot assign @kbrock
@miq-bot add_label fine/yes, gaprindashvili/yes

cc @jrafanie (since you did some code review as well on the last one)

@NickLaMuro
Copy link
Member Author

Note about the backport suggestions:

While not required to fix any broken functionality, I think it might make sense to backport into the next release just to clean up the logs a bit. Some of the reports that triggered this are from the product/ dir, so seems like we should at least have our own ducks in a row and not spam the logs.

Up for debate though.

@miq-bot
Copy link
Member

miq-bot commented May 16, 2018

Checked commits NickLaMuro/manageiq@3baa716~...bb2ab39 with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0
2 files checked, 0 offenses detected
Everything looks fine. 👍

@kbrock kbrock added this to the Sprint 86 Ending May 21, 2018 milestone May 16, 2018
@kbrock kbrock merged commit 5430d1d into ManageIQ:master May 16, 2018
This was referenced May 16, 2018
Merged
Merged
@JPrause
Copy link
Member

JPrause commented May 24, 2018

@miq-bot add_label blocker

@simaishi simaishi removed the blocker label May 29, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kbrock kbrock

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@NickLaMuro @miq-bot @JPrause @kbrock @simaishi