Bug 1641048
Summary: | Engine raises 'insufficient permissions' error when normal user try to access /datacenters?follow=storage_domains | ||
---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Lucie Leistnerova <lleistne> |
Component: | RestAPI | Assignee: | Ahmad Khiet <akhiet> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Lucie Leistnerova <lleistne> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.3.0 | CC: | bugs, frolland, lleistne, tnisan |
Target Milestone: | ovirt-4.3.0 | Flags: | rule-engine:
ovirt-4.3+
lleistne: testing_ack+ |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ovirt-engine-4.3.0_rc | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-02-21 14:17:12 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Storage | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lucie Leistnerova
2018-10-19 13:42:21 UTC
It's because GetStorageDomainListByIdQuery is not user query. (In reply to Ondra Machacek from comment #1) > It's because GetStorageDomainListByIdQuery is not user query. Exactly, why is this query needed for an unprivileged user? VM portal calls that query when it checks available data storage domains for creating new disks. For VM portal are used only id, name and type of the storage_domain, so it's not necessary to return all values in <storage> element. But it shouldn't show error in engine.log The Error message in the log removed. after adding GetStorageDomainListById(QueryAuthType.User) to QueryType but the storage domain information was intentionally filtered for admin only requests. this change was made in the following patch : https://gerrit.ovirt.org/c/7003 where the isFiltered() filters admin users only to view the infromation. https://github.com/oVirt/ovirt-engine/blob/23cb61706a11a589c7586b366fe0981291d4d816/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendStorageDomainsResource.java#L334 No error in log and storage contains values that VM portal needs. verified in ovirt-engine-restapi-4.3.0.4-0.1.el7.noarch This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |