Bug 1038278

Summary: can't add memeber with domain/<uuid>/admin token
Product: OpenShift Container Platform Reporter: Peter Ruan <pruan>
Component: NodeAssignee: Luke Meyer <lmeyer>
Status: CLOSED WORKSFORME QA Contact: libra bugs <libra-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.0.0CC: bleanhar, cowei, libra-onpremise-devel, pruan
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-07 00:58:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Peter Ruan 2013-12-04 19:16:23 UTC 
Description of problem:
  Given I have a domain_admin token generated, I should be able to create/remove other members into my domain.  This works in Online, but failed with OSE.

Version-Release number of selected component (if applicable):


How reproducible:
always.

Steps to Reproduce:
1. create a user call demo3   htpasswd /etc/openshift/htpasswd demo3
2  create a domain/<app_id>/admin token  
  rhc authorization add --expires-in 600 --note qbjhti --scope domain/52953fa76892dfbc2e000127/admin -l demo -p 'changeme' --insecure --server 10.14.7.126
   
3. rhc member add demo3 --namespace newdomain --insecure --server 10.14.7.126 --token 'd81e565926f61df12ef4c9a1cd0a747275cd2b2b973854f2f39b703e0ddcce66'


Actual results:
Adding 1 editor to domain ... There is no account with login demo3.


Expected results:
success

Additional info:
Comment 2 Cong Wei 2013-12-05 08:44:18 UTC 
I have tried to reproduce this bug in online and OSE, but the results is success.

Firstly, have you ever tried 'rhc setup' for user 'demo3' before add this member to your domain?
Others,I think 'domain/<app_id>/admin' should be 'domain/<domain_id>/admin'.

results show:
[root@dhcp-9-223 ~]# rhc setup --clean --server 10.4.59.211 -k -l cowei2 
[Eric@dhcp-9-223 ~]$ rhc authorization add --expires-in 600 --note coweidom --scope domain/529fed79378ccea3d300000b/admin --insecure --server 10.4.59.211
Adding authorization ... done

coweidom
--------
  Token:      b17beffc8a3dd3e36004b11f0353dc0b8e9a84825b672b3f512e5f55bfbc28b4
  Scopes:     domain/529fed79378ccea3d300000b/admin
  Created:    11:19 AM
  Expires In: 10 minutes

[Eric@dhcp-9-223 ~]$ rhc member add cowei2 --namespace coweidomain --insecure --server 10.4.59.211 --token 'b17beffc8a3dd3e36004b11f0353dc0b8e9a84825b672b3f512e5f55bfbc28b4'

 Adding 1 editor to domain ... done

[Eric@dhcp-9-223 ~]$ rhc member list -n coweidomain

Login  Role
------ -------------
cowei  admin (owner)
cowei2 edit
Comment 3 Brenton Leanhardt 2013-12-05 15:44:20 UTC 
Were you able to retest this after running 'setup -l' with the new user?

If that works we'll still want to investigate how we can improve lazy user creation.
Comment 4 Peter Ruan 2013-12-07 00:58:09 UTC 
Brenton, I think my VM was corrupted.  I tried it on two different new installation of OSE and they both worked.