Merge pull request #2400 from tpurschke/develop

Develop 8.2.1 fix misleading UI error message for unauthorised access

.github/workflows/test-install.yml

@@ -21,29 +21,30 @@ on:
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # ubuntu18 was unstable at github (2022-07-06 - 2022-07-11)
-  # test_ubuntu_18:
-  #   name: test build on ubuntu_18
-  #   runs-on: ubuntu-18.04
+  # # ubuntu18 was unstable at github (2022-07-06 - 2022-07-11)
+  # # does not seem to be supported by hithub anymore (2024-05-01)
+
+  # test_ubuntu_20:
+  #   name: test build on ubuntu_20
+  #   runs-on: ubuntu-20.04
   #   steps:
   #   - uses: actions/checkout@v3
   #   - name: do test install in case of merged pull request
-  #     run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K
-
-  test_ubuntu_20:
-    name: test build on ubuntu_20
-    runs-on: ubuntu-20.04
-    steps:
-    - uses: actions/checkout@v3
-    - name: do test install in case of merged pull request
-      run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes site.yml -K
-#      run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K
+  #     run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e force_install=true site.yml -K
 
   # test_ubuntu_22:
   #   name: test build on  ubuntu_22
   #   runs-on: ubuntu-22.04
   #   steps:
   #   - uses: actions/checkout@v3
   #   - name: do test install in case of merged pull request
-  #     run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes site.yml -K
-      # run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K
+  #     run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e force_install=true site.yml -K
+
+  test_ubuntu_latest:
+    name: test build on ubuntu latest
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: do test install in case of merged pull request
+      run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e force_install=true site.yml -K
+

documentation/revision-history-develop.md

@@ -202,3 +202,6 @@ bugfix release:
 - fix demo managements (change import from deactivated to activated - does not affect test managements)
 - upgrade to dotnet 8.0
 - adding all imported modelling users to uiuser
+
+# 8.2.1 - xx.05.2024 DEVELOP
+- fix misleading login error message when authorisation is missing

inventory/group_vars/all.yml

@@ -1,5 +1,5 @@
 ### general settings
-product_version: "8.2"
+product_version: "8.2.1"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3
@@ -22,7 +22,6 @@ sample_hostname: "{{ groups['sampleserver'].0 }}"
 #   upgrade       - installs on top of an existing system preserving any existing data in ldap, database, api
 installation_mode: new
 install_syslog: true
-run_on_github: false
 add_demo_data: true
 api_docu: false
 force_install: false

roles/common/tasks/main.yml

@@ -1,11 +1,10 @@
   - block: 
 
-    - name: assert ansible version gt 2.13
+    - name: assert ansible version gt 2.12
       fail:
         msg: Ansible 2.13 or above is required
       when: ansible_version.full is version('2.13', '<')
 
-
     - name: check for existing main config file {{ fworch_conf_file }}
       stat:
         path: "{{ fworch_conf_file }}"
@@ -93,23 +92,10 @@
             - There are upgradable OS packages available, please run OS upgrade before running FWORCH installer. 
             - Use "-e force_install=true" to overwrite this check and install anyway at your own risk.
       when: |
-        not force_install|bool and not run_on_github|bool and
+        not force_install|bool and
         (ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian") and
         upgradable_packages.stdout_lines|length > 1
 
-
-    # - name: fix grub-efi (for github actions)
-    #   apt:
-    #     upgrade: dist
-    #     update_cache: true
-    #   when: ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian" and run_on_github|bool
-
-    # - name: update operating system packages .deb based (for github actions)
-    #   apt:
-    #     upgrade: dist
-    #     update_cache: true
-    #   when: ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian" and run_on_github|bool
-
     - name: update operating system packages .rpm based (untested)
       yum:
         upgrade: dist

roles/database/files/sql/idempotent/fworch-texts.sql

@@ -273,6 +273,8 @@ INSERT INTO txt VALUES ('permissions_text',		'German', 	'Ihre Berechtigungen wur
 INSERT INTO txt VALUES ('permissions_text',		'English', 	'Your permissions have been changed. Re-login to update your permissions.');
 INSERT INTO txt VALUES ('login_importer_error',	'German', 	'Nutzer mit der Rolle "Importer" dürfen sich nicht an der Benutzeroberfläche anmelden. Diese Rolle dient einzig dem Importieren von eingebundenen Geräten.');
 INSERT INTO txt VALUES ('login_importer_error',	'English', 	'Users with role "importer" are not allowed to log into the user interface. The only purpose of this role is to import included devices.');
+INSERT INTO txt VALUES ('not_authorized',	    'German', 	'Authentisierung OK, aber keine Berechtigung/Authorisierung vorhanden.');
+INSERT INTO txt VALUES ('not_authorized',	    'English', 	'Authentication succeeded, but not authorized.');
 
 -- navigation
 INSERT INTO txt VALUES ('reporting', 			'German',	'Reporting');

roles/test/tasks/main.yml

@@ -62,7 +62,6 @@
 
 - name: auth testing
   import_tasks: test-auth.yml
-  when: "not run_on_github|bool"
 
 - name: api testing
   import_tasks: test-api.yml

roles/test/tasks/test-auth.yml

@@ -7,7 +7,6 @@
     connect_timeout: 1
     delay: 10
     timeout: 25
-  when: "not run_on_github|bool"
 
 - name: middleware test get jwt valid creds
   uri: