Bug 1369024

Summary: [API] Can't attach disk to VM with UserVMManager role
Product: [oVirt] ovirt-engine
Reporter: Gonza <grafuls>
Component: RestAPI
Assignee: Tal Nisan <tnisan>
Status: CLOSED CURRENTRELEASE
QA Contact: Raz Tamir <ratamir>
Severity: high
Priority: high
Version: 4.0.2.7
CC: acanan, bugs, grafuls, juan.hernandez, tnisan
Target Milestone: ovirt-4.0.4
Flags: amureini: ovirt-4.0.z?, rule-engine: planning_ack?, rule-engine: devel_ack+, rule-engine: testing_ack+
Target Release: 4.0.4
Hardware: Unspecified
OS: Unspecified
Last Closed: 2016-09-26 12:37:29 UTC
Type: Bug
oVirt Team: Storage

Description Gonza 2016-08-22 10:56:14 UTC
Description of problem:
User with UserVMManager role is not able to create disk via python restapi.

2016-08-20 16:19:20,027 INFO  [org.ovirt.engine.core.bll.storage.disk.AttachDiskToVmCommand] (default task-23) [disks_create_03227e4a-e3b4-4a2d] Running command: AttachDiskToVmCommand internal: false. Entities affected :  ID: 9f1125d0-2cd6-44f9-bd3f-2614e959b420 Type: VMAction group CONFIGURE_VM_STORAGE with role type USER,  ID: ea4c4828-3156-4dc5-a79c-b64f143b022f Type: DiskAction group ATTACH_DISK with role type USER
2016-08-20 16:19:20,141 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-23) [disks_create_03227e4a-e3b4-4a2d] Correlation ID: disks_create_03227e4a-e3b4-4a2d, Call Stack: null, Custom Event ID: -1, Message: Disk users__disk was successfully attached to VM users__vm_nodisk by user1@internal-authz.
2016-08-20 16:19:20,142 INFO  [org.ovirt.engine.core.bll.storage.disk.AttachDiskToVmCommand] (default task-23) [disks_create_03227e4a-e3b4-4a2d] Lock freed to object 'EngineLock:{exclusiveLocks='[ea4c4828-3156-4dc5-a79c-b64f143b022f=<DISK, ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='null'}'
2016-08-20 16:19:20,158 ERROR [org.ovirt.engine.api.restapi.util.LinkHelper] (default task-23) [] Can't find relative path for class "org.ovirt.engine.api.resource.VmDisksResource", will return null
2016-08-20 16:19:20,159 ERROR [org.ovirt.engine.api.restapi.util.LinkHelper] (default task-23) [] Can't find relative path for class "org.ovirt.engine.api.resource.VmDisksResource", will return null
2016-08-20 16:19:20,169 ERROR [org.ovirt.engine.core.bll.storage.disk.GetDiskVmElementByIdQuery] (default task-23) [] Query execution failed due to insufficient permissions.
2016-08-20 16:19:20,170 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-23) [] Operation Failed: query execution failed due to insufficient permissions.

Version-Release number of selected component (if applicable):
ovirt-engine-sdk-python-3.6.8.0-1.el7ev.noarch
rhevm-4.0.2.7-0.1.el7ev.noarch
ovirt-engine-extension-aaa-ldap-1.2.1-1.el7ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. Attach disk to VM via python SDK

Actual results:
Query execution failed due to insufficient permissions

Expected results:
User is able to attach disk to VM via python SDK

Additional info:
Full engine log attached

Comment 1 Juan Hernández 2016-08-22 10:59:11 UTC
What version of the SDK are you using? The "Version" field says 4.0.0a, but in the description you mention "ovirt-engine-sdk-python-3.6.8.0-1" which is version 3, not 4.

Comment 2 Ondra Machacek 2016-08-22 11:20:43 UTC
Are you sending filter=True?

Comment 3 Juan Hernández 2016-08-22 16:16:20 UTC
When I try to do this I get the following error message:

2016-08-22 18:01:28,664 INFO  [org.ovirt.engine.core.bll.storage.disk.AddDiskCommand] (default task-10) [7f7a51b0] No permission found for user '6626f723-d2cd-4b74-a4c3-e01982ca66b5' or one of the groups he is member of, when running action 'AddDisk', Required permissions are: Action type: 'USER' Action group: 'CREATE_DISK' Object type: 'System'  Object ID: 'aaa00000-0000-0000-0000-123456789aaa'.

I'd say that in version 4 of the engine creating a virtual machine disk requires the "CREATE_DISK" permission on the system object, and the "UserVmManager" role doesn't include such permission.

In addition, if I try to create the disk specifying the name of the storage domain, I get the following:

2016-08-22 18:13:27,476 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-14) [471220c3] Running command: CreateUserSessionCommand internal: false.
2016-08-22 18:13:27,585 ERROR [org.ovirt.engine.core.bll.storage.domain.GetAllStorageDomainsQuery] (default task-10) [] Query execution failed due to insufficient permissions.
2016-08-22 18:13:27,586 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-10) [] Operation Failed: query execution failed due to insufficient permissions.

That happens because in order to find the identifier of the storage domain the API uses the GetAllStorageDomainsQuery, and the user doesn't have permissions to execute that.

None of these are specific to the SDK, or can be solved in the SDK, so I'm moving the bug to the engine.
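
As an added example (not part of the original comment or of ovirt-engine), a small triage script that pulls the two kinds of authorization failure quoted in this bug out of engine.log text. The sample lines are copied from the comments above; the function and field names are this example's own.

```python
import re

# Sample input: engine.log lines quoted in this bug report, embedded so the
# script runs offline. Function and dict key names are this example's own.
SAMPLE_LOG = """\
2016-08-22 18:01:28,664 INFO  [org.ovirt.engine.core.bll.storage.disk.AddDiskCommand] (default task-10) [7f7a51b0] No permission found for user '6626f723-d2cd-4b74-a4c3-e01982ca66b5' or one of the groups he is member of, when running action 'AddDisk', Required permissions are: Action type: 'USER' Action group: 'CREATE_DISK' Object type: 'System'  Object ID: 'aaa00000-0000-0000-0000-123456789aaa'.
2016-08-22 18:13:27,476 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-14) [471220c3] Running command: CreateUserSessionCommand internal: false.
2016-08-22 18:13:27,585 ERROR [org.ovirt.engine.core.bll.storage.domain.GetAllStorageDomainsQuery] (default task-10) [] Query execution failed due to insufficient permissions.
2016-08-22 18:13:27,586 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-10) [] Operation Failed: query execution failed due to insufficient permissions.
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>\w+)\s+"
    r"\[(?P<cls>[\w.]+)\] \((?P<thread>[^)]*)\) \[(?P<corr>[^\]]*)\] (?P<msg>.*)$")
ACTION_DENIED = re.compile(
    r"No permission found for user '(?P<user>[^']+)'.*?running action "
    r"'(?P<action>[^']+)'.*?Action group: '(?P<group>[^']+)'"
    r"\s+Object type: '(?P<otype>[^']+)'\s+Object ID: '(?P<oid>[^']+)'")
# Case-sensitive on purpose: the REST layer repeats the failure with a
# lowercase "query", and that echo should not be counted a second time.
QUERY_DENIED = "Query execution failed due to insufficient permissions"

def find_denials(log_text):
    """Return one dict per authorization failure found in engine.log text."""
    denials = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation line or a different log format
        act = ACTION_DENIED.search(m["msg"])
        if act:  # command denied: the engine names user, action and permission
            denials.append({"ts": m["ts"], "kind": "action",
                            "name": act["action"], "user": act["user"],
                            "needs": f"{act['group']} on {act['otype']} {act['oid']}"})
        elif QUERY_DENIED in m["msg"]:  # query denied: only the class is known
            denials.append({"ts": m["ts"], "kind": "query",
                            "name": m["cls"].rsplit(".", 1)[-1],
                            "user": None, "needs": None})
    return denials

if __name__ == "__main__":
    for d in find_denials(SAMPLE_LOG):
        print(d["ts"], d["kind"], d["name"], d["user"], d["needs"])
```

The query denial names neither the user nor the missing permission, so the query class name is the only lead that line gives.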

Comment 4 Gonza 2016-08-23 06:57:28 UTC
(In reply to Juan Hernández from comment #1)
> What version of the SDK are you using? The "Version" field says 4.0.0a, but
> in the description you mention "ovirt-engine-sdk-python-3.6.8.0-1" which is
> version 3, not 4.

Yes, that is the correct version -> "ovirt-engine-sdk-python-3.6.8.0-1".

Comment 5 Raz Tamir 2016-09-05 16:20:53 UTC
Verified on ovirt-engine-4.0.4-0.1.el7ev.noarch and with ovirt-engine-sdk-python-3.6.8.0-1.el7ev.noarch, python-ovirt-engine-sdk4-4.0.0-1.el7ev.x86_64


>>> from ovirtsdk.api import API
>>> api = API(url=host, username=user, password=password, insecure=True)
>>> disks = api.disks.list()
>>> disk_obj = [d for d in disks if d.get_alias() == 'test_disk'][0]
>>> vms = api.vms.list()
>>> vm_obj = vms[-1]
>>> vm_obj.disks.add(disk_obj)
<ovirtsdk.infrastructure.brokers.VMDisk object at 0x7f9321353750>

Disk was successfully attached to VM