Bug 1001992

Summary: Cannot complete tasks which requires 'stage' role in DTGov
Product: [JBoss] JBoss Fuse Service Works 6 Reporter: Stefan Bunciak <sbunciak>
Component: DT GovernanceAssignee: Eric Wittmann <eric.wittmann>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Sedlacek <jsedlace>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.0.0 GACC: atangrin, kconner, oskutka, soa-p-jira
Target Milestone: ER3   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Stefan Bunciak 2013-08-28 09:25:20 UTC 
Description of problem:

org.overlord.sramp.atom.err.SrampAtomException: Permission denied to perform actions "[read]" on path <unknown>

Server stack trace: http://pastebin.test.redhat.com/160778

Version-Release number of selected component (if applicable):


How reproducible:
* Always

Steps to Reproduce:
1. Install DTGov 
2. Create new deployment
3. Complete user tasks of the Release Process to 'Stage' env
4. Log in to DTGov with user 'Scott' (or diferent with role 'stage')

Actual results:

* Cannot list deployments at http://localhost:8080/dtgov-ui/#deployments
* Cannot complete appropriate tasks which requires 'stage' role. User can list the tasks but cannot open task details and complete the task.

Expected results:

* User can complete tasks requireing 'stage' role

Additional info:

* To complete task user probably needs some additional roles associated (admin|sramp). Current configuration doesn't allow to complete task only with roles overlorduser,stage.
Comment 1 JBoss JIRA Server 2013-09-05 18:42:45 UTC 
Eric Wittmann <eric.wittmann> updated the status of jira SRAMP-236 to Resolved
Comment 2 JBoss JIRA Server 2013-09-05 18:42:55 UTC 
Eric Wittmann <eric.wittmann> updated the status of jira SRAMP-236 to Closed
Comment 3 Eric Wittmann 2013-09-05 18:47:13 UTC 
The overlord-idp-roles.properties JAAS configuration file used by the Overlord IDP was missing a critical ModeShape role.  This role was needed so that users could actually perform s-ramp operations.  Without this, parts of DTGov would fail.

The role is:

  admin.sramp

I have added this role to all users in the IDP's jaas config file here:

https://github.com/Governance/overlord-commons/blob/master/overlord-commons-idp/src/main/resources/overlord-idp-roles.properties
Comment 4 Stefan Bunciak 2013-09-10 08:30:36 UTC 
The patch probably hasn't maded to ER2 build. I've installed FSW + DTGov 6.0.0.ER2 via instaler and the standalone/configuration/overlord-idp-roles.properties file still contains wrong roles configuration:

admin=overlorduser,overlordadmin
eric=overlorduser,admin.sramp,dev,qa
gary=overlorduser,admin.sramp,dev,qa
kevin=overlorduser,admin.sramp,dev,qa
kurt=overlorduser,admin.sramp,dev,qa
greg=overlorduser,qa
david=overlorduser,qa
scott=overlorduser,stage
phil=overlorduser,prod
Comment 5 Eric Wittmann 2013-09-10 11:47:26 UTC 
Note that the fix in community is in the overlord-commons (overlord-commons-idp) project.  I have confirmed that I *did* merge that change into the product branch in github.  So Stefan is probably right - the change didn't make it into ER2...
Comment 6 Stefan Bunciak 2013-09-23 14:24:39 UTC 
Verified in FSW 6.0.0.ER3. By default only 1 user is active (admin), others are disabled but roles are properly configured.