Bug 796370

Summary:	Defining a self service users does not work as expected
Product:	[Retired] CloudForms Cloud Engine	Reporter:	Steve Reichard <sreichar>
Component:	aeolus-conductor	Assignee:	Angus Thomas <athomas>
Status:	CLOSED NOTABUG	QA Contact:	wes hayutin <whayutin>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	1.0.0	CC:	akarol, cpelland, dajohnso, deltacloud-maint, hbrock, scollier, ssachdev, sseago
Target Milestone:	rc	Keywords:	Triaged
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2012-08-10 14:43:49 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Steve Reichard 2012-02-22 18:54:52 UTC

Description of problem:

I have multiple Cloud Resource Providers.
I created accounts for Provider.
I have create a cloud named 'refarch'.
I added the provider accounts to the 'refarch' Cloud.
In this cloud I created zones named 'dev' and made enabled
A catalog named 'devcat' was created and associated with zone 'dev'
A application blueprint named 'cfse1' was created in 'devcat'
The 'dev' user was given the role 'Application Blueprint User' for 'cfse1'
I have created a user named 'dev'.
All existing Global Roles were removed from the user 'dev'
'dev' was given the 'Cloud User' role to the 'refarch' Cloud.
the user 'dev' was given the Zone User role to the 'dev' zone
the user 'dev' was given

When I log in as dev, I was able to make a new application using the cfse1 'Deployable'. It looked like I was able to launch but failed after finalize with 'Hardware profile hwp1 was not found' I did not find a place to assign hardware roles to users. I see in Global Profile User role, but I assume that open all Profiles.

Additionally, this is not the way I expected it to work. Specfically, if I grouped/zoned an application for the zone/catalog and given access for that for a specific user, I didn't expect I would then have to give permission for each Application to that user.

Version-Release number of selected component (if applicable):

[root@cf-cloudforms9 imagefactory]# /pub/scripts/post_install_configuration_scripts/cf-versions
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Linux cf-cloudforms9.cloud.lab.eng.bos.redhat.com 2.6.32-220.4.2.el6.x86_64 #1 SMP Mon Feb 6 16:39:28 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
postgresql-8.4.9-1.el6_1.1.x86_64
mongodb-1.8.2-3.el6.x86_64
euca2ools-1.3.1-4.el6_0.noarch
ruby-1.8.7.352-5.el6_2.x86_64
rubygems-1.8.10-1.el6.noarch
deltacloud-core-0.5.0-5.el6.noarch
rubygem-deltacloud-client-0.5.0-2.el6.noarch
package libdeltacloud is not installed
hail-0.8-0.2.gf9c5b967.el6_0.x86_64
puppet-2.6.11-1.el6_1.noarch
aeolus-configure-2.5.0-14.el6.noarch
iwhd-1.2-3.el6.x86_64
imagefactory-1.0.0rc5-1.el6.noarch
aeolus-conductor-daemons-0.8.0-28.el6.noarch
aeolus-conductor-0.8.0-28.el6.noarch
[root@cf-cloudforms9 imagefactory]#

How reproducible:

Follow the above steps

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

Comment 1 wes hayutin 2012-02-24 03:51:26 UTC

self service users are not supported.. it was pulled from 1.0

Users w/ default roles granted after creation are only able to launch instances as designed.

Can you clarify what your are asking for here?

Comment 2 Scott Seago 2012-02-24 16:18:17 UTC

So there are two things here:
1) don't remove the default HWP role for users, since you're right -- we don't have a granular HWP per-user UI (and I don't think it's a particularly high priority, as I'm not sure there's much need for it).

2) Deployable permissions within the cloud is something I was going to include in the Cloud roles I'm working on now - so that's tied up in the other BZ you have relating to defining the Cloud-level perms.

on 1) -- we should probably have a doc somewhere documenting the default global roles and what they're used for (wes is right -- they're not really "self-service" roles -- they're simply default "end-user" roles). Then we can figure out what's required, what's useful, and (for things like global pool access) what we should probably remove from the list.

Comment 3 Scott Seago 2012-02-29 16:48:21 UTC

With 788148, 2) above (from comment 2) is fixed, so this can probably be considered either NOTABUG or a duplicate of 788148

Comment 4 Hugh Brock 2012-05-07 15:49:05 UTC

Can we verify this isn't a real bug and close it?

Comment 5 Dave Johnson 2012-08-10 14:43:49 UTC

Self service user feature is currently not implemented.