Bug 1951579
Summary: | RHV api issues when account has only "UserRole" permissions | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Marian Jankular <mjankula> |
Component: | ovirt-engine | Assignee: | Ori Liel <oliel> |
Status: | CLOSED ERRATA | QA Contact: | Guilherme Santos <gdeolive> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 4.3.11 | CC: | mavital, mperina, oliel, robert.dahlem |
Target Milestone: | ovirt-4.4.7 | Keywords: | ZStream |
Target Release: | 4.4.7 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ovirt-engine-4.4.7 | Doc Type: | No Doc Update |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-07-22 15:12:33 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marian Jankular
2021-04-20 13:53:42 UTC
From a brief examination it doesn't look to me like the problem is in the API layer, rather I tend to believe that its somewhere in the search implementation in the Engine Verified on: ovirt-engine-4.4.7.5-0.9.el8ev.noarch Steps: 1. Create a new user (user1) with User Role 2. Query paginated hosts info tru rest api # curl -u user1@internal:<password> "https://<engine-fqdn>/ovirt-engine/api/hosts?search=page%201" -k # curl -u user1@internal:<password> "https://<engine-fqdn>/ovirt-engine/api/hosts?search=page%202" -k # curl -u user1@internal:<password> "https://<engine-fqdn>/ovirt-engine/api/hosts?search=page%203" -k Results: Info properly queried and not repetition of info in empty pages (same response as admin user): # curl -u user1@internal:<password> "https://<engine-fqdn>/ovirt-engine/api/hosts?search=page%203" -k <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts/> Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2865 Due to QE capacity, we are not going to cover this issue in our automation |