vSphere

 View Only
  • 1.  vSphere Client - editing custom role seems to break the definition.

    Posted Jan 14, 2019 08:27 AM

    Hi

    I got an error message from our QA who discoved this problem.

    We have custom roles - they are defined when our plugin is installed, and look like this (as seen in mob)

    AuthorizationRole:

         info:

              description:

                   label: Acme Authorization Role

                   summary:  This is a role used in the acme plugin, bla bla bla

             name: com.acme.plugin.authRole

              privilege:  <list of privs>

         roleId: 123456

         system: false

    After the user uses the Html Plugin, and adds/removes some privilges, the definition for the role (as seen in mob)

    AuthorizationRole:

         info:

              description:

              label: Acme Authorization Role

              summary: Acme Authorization Role

         name: Acme Autorization Role

         privilege: <list of privs>

         roleId: 123456

         system: false

    The problem here is that we search the roles to find our defintions, and since we use the name (com.acme.plugin.authRole) - ...

    Is this problem known?

    Cathy



  • 2.  RE: vSphere Client - editing custom role seems to break the definition.

    Broadcom Employee
    Posted Jan 15, 2019 02:30 PM

    Hi Cathy,

    This is not a known problem.
    Can you provide information about the environment setup.
    By my observation it seems that the label gets copied to the summary and name properties.
    You said that after you use the Html Plugin to add privileges.
    Which Html Plugin ?
    Also what kind of operations does this Html Plugin do ? 

    Martin



  • 3.  RE: vSphere Client - editing custom role seems to break the definition.

    Posted Jan 16, 2019 08:25 AM

    Hi Martin,

    sorry for being so unpercise...

    I just reproduced it to make sure - and I think I know why this happens.

    I reproduced it on a vCenter Appliance Version 6.7.1 build 10244857

    1) During the installation of our plug-in we create 4 custom roles.

    2) Look at the MOB/AuthorizationManager/RoleList  and confirm that the definition is correct

    3) Start the vSphere html Client, -> go to Administration->Roles

         Select the custom role, and click "edit"

         Add/Remove a privilege

         The next tab in this wizard has 2 inputs - Name, Summary.  In the Name Input you see the localized name of the Role, there is no text in the Summary Input (although there should be ....) - don't change anything here, just click ok.

    4) Refresh the MOB, and you can see that the values have changed as described below.

    In our plug-in, we just use the custom roles to determine what the current user can/can not perform.  We do not manipulate them at all.

    If you have any more questions, don't hesitate to ask.

    Cathy



  • 4.  RE: vSphere Client - editing custom role seems to break the definition.

    Broadcom Employee
    Posted Jan 16, 2019 12:08 PM

    Hi Cathy,

    Thanks alot for the detailed answer, this was not a known issue.
    I have raised a bug for this issue and we will start working on it soon.

    Do you have a workaround for this problem ?

    Martin,
    Thanks



  • 5.  RE: vSphere Client - editing custom role seems to break the definition.

    Posted Jan 16, 2019 02:55 PM

    Hi Martin,

    thanks for the answer.  No, I don't have a workaround for the bug.

    For us it means, that we will tell the customers NOT to change our custom role - They should not anyway, and probably do not.

    Just out of interest, is it possible to set a role to "read only" , so it is not possible to change it?  Because that would help us with the problem.

    Cathy



  • 6.  RE: vSphere Client - editing custom role seems to break the definition.

    Posted Jul 29, 2019 12:27 PM

    Hi Martin,

    our QA is waiting for some kind of timeline for this fix, do you have any information about it?

    thanks

    Cathy



  • 7.  RE: vSphere Client - editing custom role seems to break the definition.

    Broadcom Employee
    Posted Aug 05, 2019 11:27 AM

    Hi CathyBr,

    Thanks for raising this again,Together with some internal teams in VMware we narrowed down the problem and fixed it.

    This fix should be available in an upcoming release.

    Thanks,
    Martin