Bug 867920

Summary: Don't generate password if user doesn't have permission to set the VM ticket
Product: Red Hat Enterprise Virtualization Manager
Reporter: David Jaša <djasa>
Component: ovirt-engine-restapi
Assignee: Michal Skrivanek <michal.skrivanek>
Status: CLOSED CURRENTRELEASE
QA Contact: Ondra Machacek <omachace>
Severity: low
Docs Contact:
Priority: unspecified
Version: 3.1.0
CC: dyasny, ecohen, iheim, michal.skrivanek, mpastern, Rhev-m-bugs, sgrinber, ykaul
Target Milestone: ---
Target Release: 3.2.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: virt
Fixed In Version: sf4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 915537

Description David Jaša 2012-10-18 15:03:16 UTC
Description of problem:
Don't generate ticket if user doesn't have permission to connect to the VM

Version-Release number of selected component (if applicable):
3.1.0-18 / si19.1

How reproducible:
always

Steps to Reproduce:
1. try to get a ticket for VM as a user who doesn't have permission to access the VM
  
Actual results:
error is thrown but password is generated nonetheless:
HTTP/1.1 400 Bad Request
Date: Thu, 18 Oct 2012 14:59:37 GMT
Set-Cookie: JSESSIONID=QeBzoZm-awdG2ncedehUZ0kP; Path=/api; Secure
Content-Type: application/xml
Content-Length: 366
Connection: close

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<action>
    <ticket>
        <value>OFj/0+6rXgLY</value>
        <expiry>7200</expiry>
    </ticket>
    <status>
        <state>failed</state>
    </status>
    <fault>
        <reason>Operation Failed</reason>
        <detail>[User is not authorized to perform this action.]</detail>
    </fault>
</action>



Expected results:
new ticket is neither generated nor sent to the API user:
<action>
    <status>
        <state>failed</state>
    </status>
    <fault>
        <reason>Operation Failed</reason>
        <detail>[User is not authorized to perform this action.]</detail>
    </fault>
</action>

OR

<action>
    <ticket/>
    <status>
        <state>failed</state>
    </status>
    <fault>
        <reason>Operation Failed</reason>
        <detail>[User is not authorized to perform this action.]</detail>
    </fault>
</action>


Additional info:

Comment 2 David Jaša 2012-10-19 10:17:14 UTC
Made summary more precise.

Comment 5 Libor Spevak 2012-12-11 15:54:23 UTC
http://gerrit.ovirt.org/#/c/9855/

Comment 6 Libor Spevak 2012-12-12 12:59:34 UTC
Posted new patch:
http://gerrit.ovirt.org/#/c/9997/

Comment 7 Libor Spevak 2013-01-07 10:55:30 UTC
Merged: 
a8c4eb098c5eeb05406b1bb19d8b0d016e84d953

Comment 8 Ondra Machacek 2013-02-05 12:06:51 UTC
Verified sf5.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<action>
    <ticket/>
    <status>
        <state>failed</state>
    </status>
    <fault>
        <reason>Operation Failed</reason>
        <detail>[User is not authorized to perform this action.]</detail>
    </fault>
</action>
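
Added example, not part of the original report or of the oVirt code: a Python check that automates the verification above by flagging any denied ticket action whose body still carries ticket data. The sample bodies are constructed from the responses in this report, the ticket value is a placeholder, and the function name and the `complete` success state are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed bodies modelled on the responses in this report; the ticket
# value is a placeholder, not a real console password.
FAULT = ("<status><state>failed</state></status>"
         "<fault><reason>Operation Failed</reason>"
         "<detail>[User is not authorized to perform this action.]</detail></fault>")
TICKET = "<ticket><value>PLACEHOLDER</value><expiry>7200</expiry></ticket>"

LEAKY = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
         "<action>" + TICKET + FAULT + "</action>")        # "Actual results"
FIXED_EMPTY = "<action><ticket/>" + FAULT + "</action>"    # verified output
FIXED_ABSENT = "<action>" + FAULT + "</action>"            # other accepted form
# Assumed shape of an authorized response (state name is an assumption).
GRANTED = ("<action>" + TICKET +
           "<status><state>complete</state></status></action>")


def leaked_ticket_fields(body):
    """Return the ticket fields that carry data in a denied action.

    An empty list means nothing leaked: either the action was not denied,
    or it was denied and the <ticket> element is empty or absent.
    """
    root = ET.fromstring(body.encode("utf-8"))
    state = (root.findtext("status/state") or "").strip().lower()
    denied = state == "failed" or root.find("fault") is not None
    if not denied:
        return []
    leaked = []
    for ticket in root.iter("ticket"):
        # Text directly inside <ticket> counts as a leak as well.
        if (ticket.text or "").strip():
            leaked.append("ticket")
        leaked += [child.tag for child in ticket if (child.text or "").strip()]
    return leaked


if __name__ == "__main__":
    samples = [("leaky", LEAKY), ("fixed, empty ticket", FIXED_EMPTY),
               ("fixed, no ticket", FIXED_ABSENT), ("granted", GRANTED)]
    for name, body in samples:
        print(name, "->", leaked_ticket_fields(body) or "ok")
```
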

Comment 10 Itamar Heim 2013-06-11 09:52:15 UTC
3.2 has been released

Comment 11 Itamar Heim 2013-06-11 09:52:27 UTC
3.2 has been released

Comment 12 Itamar Heim 2013-06-11 09:59:10 UTC
3.2 has been released