Bug 1863051

Summary: [RFE] Allow management of permissions of MAC Address Pools via REST-API
Product: [oVirt] ovirt-engine Reporter: Dominik Holler <dholler>
Component: RestAPIAssignee: Dominik Holler <dholler>
Status: CLOSED CURRENTRELEASE QA Contact: Guilherme Santos <gdeolive>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.4.1.10CC: bugs, dfodor, lleistne, michal.skrivanek, mperina
Target Milestone: ovirt-4.4.3Keywords: FutureFeature
Target Release: ---Flags: pm-rhel: ovirt-4.4?
pm-rhel: planning_ack?
pm-rhel: devel_ack+
lleistne: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-4.4.3.7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-11 06:42:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Network RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1863054    

Description Dominik Holler 2020-08-03 14:43:30 UTC 
It should be possible to add and remove assignments of roles to users on MAC Address pools via REST-API.
Comment 2 Dominik Holler 2020-08-10 06:37:36 UTC 
There are two reasons for this RFE:
1. If a ClusterAdmin or a DataCenterAdmin is responsible to manage a given Cluster or Datacenter,
   she has no permission to use any MAC Address Pool, and is for this reason not able to create a
   new Cluster. Bug 1808320 will give permission at least to the Default MAC Address Pool.
2. This way the management of permissions of MAC Address Pools would be consistent to the
   management of permissions of other entities.
Comment 3 Guilherme Santos 2020-10-29 21:12:45 UTC 
Verified on:
ovirt-engine-4.4.3.8-0.1.el8ev.noarch

Steps:
1. # curl -s -k -u admin@internal:<psswd> https://<fqdn>/ovirt-engine/api/macpools/58ca604b-017d-0374-0220-00000000014e/permissions
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<permissions>
    <permission href="/ovirt-engine/api/groups/eee00000-0000-0000-0000-123456789eee/permissions/58ca604b-017d-0374-0220-00000000014e" id="58ca604b-017d-0374-0220-00000000014e">
        <group href="/ovirt-engine/api/groups/eee00000-0000-0000-0000-123456789eee" id="eee00000-0000-0000-0000-123456789eee"/>
        <role href="/ovirt-engine/api/roles/def00014-0000-0000-0000-def000000014" id="def00014-0000-0000-0000-def000000014"/>
...
</permissions>

2. # cat add.xml
<permission>
  <role>
    <name>SuperUser</name>
  </role>
  <user id="a452d394-02df-44fb-b9dd-689a714fc3c3"/>
</permission>

3. # curl -s -k -H "Content-type: application/xml" -u admin@internal:<psswd> https://<fqdn>/ovirt-engine/api/macpools/58ca604b-017d-0374-0220-00000000014e/permissions -d @add.xml

Results:
permissions endpoint present on macpool api, superuser permission successfully added on macpool for user a452d394-02df-44fb-b9dd-689a714fc3c3
Comment 4 Sandro Bonazzola 2020-11-11 06:42:30 UTC 
This bugzilla is included in oVirt 4.4.3 release, published on November 10th 2020.

Since the problem described in this bug report should be resolved in oVirt 4.4.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.