Bug 1303099
Summary: | service retirement requests are always ran by the admin user | ||
---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | John Prause <jprause> |
Component: | Automate | Assignee: | Tina Fitzgerald <tfitzger> |
Status: | CLOSED NOTABUG | QA Contact: | Dave Johnson <dajohnso> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 5.5.0 | CC: | cpelland, dajohnso, fdewaley, gmccullo, jhardy, mkanoor, obarenbo, sshveta, tfitzger, wfitzger |
Target Milestone: | GA | Keywords: | Reopened, ZStream |
Target Release: | 5.5.3 | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1297382 | Environment: | |
Last Closed: | 2016-02-12 13:59:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1297382 | ||
Bug Blocks: |
Comment 1
Tina Fitzgerald
2016-02-02 19:52:14 UTC
The behavior differs in my environment using build: 5.5.0.13.20151201120956_653c0d4 Can you provide the following: 1. The build number using configure -> about. 2. Where did you get the tenant object logged in the "init" method referenced above? Can you provide a copy of that method? The reason that the user is switched to admin during retirement is because the logged in user's group doesn't contain the service owner's group. When the service provision starts the ids are :user_id=>1000000000004, :miq_group_id=>1000000000056, :tenant_id=>1000000000002 Then there is a customer method which seems to be changing the tenant on the service. The method is /Gcloud/Cloud/Orchestration/Provisioning/StateMachines/Methods/setServiceIdentity This method has a log line which states that changing the tenant <AEMethod setserviceidentity> Set service tenant id to 1000000000018 The Service gets provisioned and the identity of the service is changed to evm_owner_id: 1000000000004, miq_group_id: 1000000000095, tenant_id: 1000000000018 The provisioning started with tenant_id of 1000000000002 and was changed to 1000000000018 And also the group is changed. Changing of the group this way causes the retirement to run as admin. Can we get some more details from the customer if they are trying to change the service tenant, group during provisioning. The user should be part of these groups if the user shouldn't get swapped with 'admin' (In reply to mkanoor from comment #5) > The reason that the user is switched to admin during retirement is because > the logged in user's group doesn't contain the service owner's group. > > When the service provision starts the ids are > :user_id=>1000000000004, :miq_group_id=>1000000000056, > :tenant_id=>1000000000002 > > Then there is a customer method which seems to be changing the tenant on the > service. > The method is > /Gcloud/Cloud/Orchestration/Provisioning/StateMachines/Methods/ > setServiceIdentity > > This method has a log line which states that changing the tenant > <AEMethod setserviceidentity> Set service tenant id to 1000000000018 > > The Service gets provisioned and the identity of the service is changed to > evm_owner_id: 1000000000004, miq_group_id: 1000000000095, tenant_id: > 1000000000018 > > > The provisioning started with tenant_id of 1000000000002 and was changed to > 1000000000018 > And also the group is changed. > > Changing of the group this way causes the retirement to run as admin. > > Can we get some more details from the customer if they are trying to change > the service tenant, group during provisioning. > > The user should be part of these groups if the user shouldn't get swapped > with 'admin' thanks, that effectively was the problem and thanks to your update the case has been resolved! I'm creating https://access.redhat.com/solutions/2158341 to cover this problem, maybe you can help me expand it further? Hi Felix, We added some content to your solution article. This is an important issue and we'd like to better understand how the customer modified the values and how they resolved the issue. Can you give us more detail about the customer environment? Could we have a copy of the setserviceidentity automate method? Thanks, Tina |