Bug 1121971

Summary: Can't clone application of additional storage within owner domain by admin/edit member which has no additional stroage capability
Product: OpenShift Online Reporter: XiuJuan Wang <xiuwang>
Component: PodAssignee: Abhishek Gupta <abhgupta>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: low Docs Contact:
Priority: medium    
Version: 2.xCC: anli, jliggitt, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1122496 (view as bug list) Environment:
Last Closed: 2014-10-10 00:49:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1122496    

Description XiuJuan Wang 2014-07-22 09:08:50 UTC 
Description of problem:
Create an application adding addition storage in domain1 for account1.
Add account2 to account1 with admin/edit role.(account2 has no additional storage capability)
Clone this app within domain1 by account2.Will show "account1 has requested more additional gear storage than allowed (max: 0 GB)"

Could add storage to domain1's app by account2.

Version-Release number of selected component (if applicable):
devenv_4992
rhc-1.28.1

How reproducible:
always

Steps to Reproduce:
1.Add account2 to account1 as admin/edit member.
rhc member add account2 -r admin -n domain1 

2.Create an application, and add some additional storage.
rhc app create php php-5.3 -n domain1
rhc cartridge-storage php-5.3 -a php --add 10 -n domain1 -l account2

3.Clone this app within domain1 by account2
rhc app create phpc --from-app=domain1/php -n domain1 -l account2

Actual results:
step 3:
]# rhc app create  phpc  --from-app=domain1/php -n domain1 -l account2 
Application Options
-------------------
Domain:     domain1
Cartridges: php-5.3
From app:   php
Gear Size:  Copied from 'php'
Scaling:    no (copied from 'php')

Creating application 'phpc' ... account2 has requested more additional gear storage than allowed (max: 0 GB)

Expected results:
Could clone app of additional storage within owner domain by admin/edit role which has no additional storage capability.

Additional info:
Comment 1 Jordan Liggitt 2014-07-22 13:11:05 UTC 
applications_controller in the broker is doing two checks during app creation, based on the user doing the creation, rather than the owner of the domain:

    if (@cloud_user.consumed_gears >= @cloud_user.max_gears)
      return render_error(:unprocessable_entity,
                          "#{@cloud_user.login} has already reached the gear limit of #{@cloud_user.max_gears}",
                          104)
    end


    if (cartridges.map(&:additional_gear_storage).compact.map(&:to_i).max || 0) > @cloud_user.max_storage
      return render_error(:unprocessable_entity,
                          "#{@cloud_user.login} has requested more additional gear storage than allowed (max: #{@cloud_user.max_storage} GB)",
                          166)
    end


Both of these checks are incorrect... the gears and extra storage should be validated against the capabilities of the owner of the domain where the app is being created, not the calling user.
Comment 2 Jordan Liggitt 2014-07-22 13:14:34 UTC 
Simply need to validate against @domain.owner.consumed_gears and @domain.owner.max_storage
Comment 3 Jordan Liggitt 2014-07-22 13:54:58 UTC 
Will merge fix in https://github.com/openshift/origin-server/pull/5638
Comment 4 openshift-github-bot 2014-07-22 22:08:39 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/525547875c4673e2a317c013fd6053ed792c4b58
Bug 1121971: Validate based on domain owner capabilities during app create
Comment 5 XiuJuan Wang 2014-07-23 06:12:41 UTC 
Checked on devenv_4998

Can't reproduce this bug.Will verify this bug after on_qa.
Comment 6 XiuJuan Wang 2014-07-24 05:25:18 UTC 
Verified on devenv_5003

Move bug to VERIFIED.Thanks!