Bug 1025691

Summary: Can't add/remove members to domain with admin domain token which is generated by domain owner or admin member
Product: OpenShift Online Reporter: XiuJuan Wang <xiuwang>
Component: ocAssignee: Jessica Forrester <jforrest>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: high Docs Contact:
Priority: medium    
Version: 2.xCC: ffranz, jforrest
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-24 03:28:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description XiuJuan Wang 2013-11-01 10:08:36 UTC 
Description of problem:

Generate an admin domain token with domain owner or admin member, and try to  add/remove members to a  domain with domain admin token,
it will fail and show "There is no account with login xx".

Version-Release number of selected component (if applicable):
rhc 1.16.8
devenv-stage_546

How reproducible:
always

Steps to Reproduce:
1.create admin domain token with domain owner or admin member
2.Check authorization of this user
3.Add member with a exist account to a domain use domain admin token
4.list members of this user
5.remove a exist member from domain with --token

Actual results:
1.[wxj@wangxiuj]$ rhc authorization-add --scopes domain/52731fff0da65753c2000010/admin --note admin-token
Adding authorization ... done

admin-token
-----------
  Token:      666bd9d6117d714ce8008557f43442e04ec446c34370871ada5346dcd4feb7d6
  Scopes:     domain/52731fff0da65753c2000010/admin
  Created:    5:39 PM
  Expires In: about 6 months
2.[wxj@wangxiuj]$ rhc authorization
admin-token
-----------
  Token:      d1860a56c558b17f858a3b003caf69cb2381d8f18062983195be59a32aec27df
  Scopes:     domain/52734d020da6578e510001ec/admin
  Created:    5:42 PM
  Expires In: about 6 months
3.[wxj@wangxiuj]$ rhc add-member xiuwang+3 -r admin -n xiu --token  d1860a56c558b17f858a3b003caf69cb2381d8f18062983195be59a32aec27df
Adding 1 administrator to domain ... There is no account with login xiuwang+3.

4.[wxj@wangxiuj]$ rhc member-list -n xiu
Login                Role
-------------------- -------------
xiuwang+2 admin (owner)
xiuwang+1 edit
5.[wxj@wangxiuj]$ rhc member-remove xiuwang+1 -n xiu --token d1860a56c558b17f858a3b003caf69cb2381d8f18062983195be59a32aec27df
Removing 1 member from domain ... There is no account with login xiuwang+1.


Expected results:
should add/remove members successfully

Additional info:
Comment 1 Clayton Coleman 2013-11-01 18:56:35 UTC 
Will fix for 2.0, does not block sprint 35 exit
Comment 2 Jessica Forrester 2013-11-11 18:57:18 UTC 
Fix is in https://github.com/openshift/origin-server/pull/4122
Comment 3 openshift-github-bot 2013-11-11 22:11:20 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/9fbbddb6afa37a02a1e78f6eb75aa9f652a35b48
Bug 1025691 - can't add member to a domain when authenticate with token
Comment 4 XiuJuan Wang 2013-11-12 09:37:23 UTC 
denenv_4022
lastest rhc build from the server

Now this problem works well

[wxj@wangxiuj .openshift]$ rhc member-add xiuwang+3 -n cat -r admin  --token 892c263cead20d3abd1683829dfaade597b8ad34f77a3401ab7d43201375cba7
Adding 1 administrator to domain ... done