Bug 1356872

Summary: 2.0: An user created from api/v2/user does not have permission to run any API command
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Harish NV Rao <hnallurv>
Component: CalamariAssignee: Christina Meno <gmeno>
Calamari sub component: Back-end QA Contact: ceph-qe-bugs <ceph-qe-bugs>
Status: CLOSED WONTFIX Docs Contact: Bara Ancincova <bancinco>
Severity: medium    
Priority: unspecified CC: ceph-eng-bugs, gmeno, kdreyer
Version: 2.0   
Target Milestone: rc   
Target Release: 2.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
.Users created by using the Calamari API do not have permissions to run the API commands When a user is created by using the Calamari REST API (`api/v2/user`), the user does not have permissions to run most of the Calamari API commands. Consequently, an attempt to run the commands fails with the following error message: ---- "You do not have permission to perform this action" ---- To work around this issue, use the `calamari-ctl add_user` command from the command line when creating new users.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-04 18:24:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1322504, 1383917, 1412948    

Description Harish NV Rao 2016-07-15 07:44:36 UTC 
Description of problem:

An user created from api/v2/user does not have permission to run any API command


Version-Release number of selected component (if applicable):
calamari-server-1.4.5-1.el7cp.x86_64
ceph version 10.2.2-21


How reproducible: always


Steps to Reproduce:
1) create a user from api/v2/user
2) login as this user to calamari via Django REST framework in any supported browser
3) try running commands like /api/v2/cluster/<id>/crush_map or crush_rule or osd or mon etc., or api/v2/user. 
4) almost all the commands fail with error message: "You do not have permission to perform this action"
5) This does not happen for a user created from "calamari-ctl add_user"

Actual results:


Expected results:


Additional info:
Comment 2 Harish NV Rao 2016-07-15 07:49:15 UTC 
Additional info: when an user created from api/v2/user is 'renamed' using 'calamari-ctl rename_user' command, the changed user cannot log back to calamari-lite.
Comment 6 Christina Meno 2016-08-17 16:36:23 UTC 
Looks good