Bug 876460
Summary: | user who can create a VM in extended user portal can not create VM in filtered API due to insufficient permissions | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | David Jaša <djasa> |
Component: | ovirt-engine-restapi | Assignee: | Ravi Nori <rnori> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ondra Machacek <omachace> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.1.0 | CC: | acathrow, dyasny, ecohen, iheim, mpastern, pstehlik, Rhev-m-bugs, ykaul |
Target Milestone: | --- | ||
Target Release: | 3.2.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | infra | ||
Fixed In Version: | sf1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | Bug | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 915537 |
Description
David Jaša
2012-11-14 08:24:50 UTC
well, the problem is that api using /search to fetch template/cluster id by name, workaround is using IDs instead. The operation fails even when I specify a cluster with an ID: $ curl --cacert .cert.pem -D - -b JSESSIONID=7RhiNHUP6ORsTrX0-OCyDh+a \ -H "prefer: persistent-auth" -H "Content-Type: application/xml" \ -H "filter: true" https://rhevm31.example.com/api/vms -X POST -d \ "<vm><name>test-vm-fdloddfl</name><cluster id='99408929-82cf-4dc7-a532-9d998063fa95'/><template><name>Blank</name></template></vm>" HTTP/1.1 400 Bad Request Date: Wed, 14 Nov 2012 10:42:42 GMT Content-Type: application/xml Content-Length: 188 Connection: close <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <fault> <reason>Operation Failed</reason> <detail>query execution failed due to insufficient permissions.</detail> </fault> The permission is given at system-level to a group where the user belongs. When I try to look up the permissions of the cluster, I get this empty reply no matter if I ask as a filtered user or unfiltered admin: GET /api/clusters/99408929-82cf-4dc7-a532-9d998063fa95/permissions <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <permissions/> The same goes for respective data center and in /api, I can not see permissions at all (as admin). I'd expect to see inherited permissions or, in case filtered requests, just the subset of the permissions related to the user. (In reply to comment #2) > The operation fails even when I specify a cluster with an ID: > > $ curl --cacert .cert.pem -D - -b JSESSIONID=7RhiNHUP6ORsTrX0-OCyDh+a \ > -H "prefer: persistent-auth" -H "Content-Type: application/xml" \ > -H "filter: true" https://rhevm31.example.com/api/vms -X POST -d \ > "<vm><name>test-vm-fdloddfl</name><cluster > id='99408929-82cf-4dc7-a532-9d998063fa95'/><template><name>Blank</name></ > template></vm>" > HTTP/1.1 400 Bad Request > Date: Wed, 14 Nov 2012 10:42:42 GMT > Content-Type: application/xml > Content-Length: 188 > Connection: close > > <?xml version="1.0" encoding="UTF-8" standalone="yes"?> > <fault> > <reason>Operation Failed</reason> > <detail>query execution failed due to insufficient permissions.</detail> > </fault> > > Comment 1 says: use template/cluster by-id (In reply to comment #3) > (In reply to comment #2) > Comment 1 says: use template/cluster by-id sorry, I missed the template part. When specifying both as ids, the VM gets created. So is this a duplicate of bug 869334, i guess? link : http://gerrit.ovirt.org/#/c/9248/ change id : I604883bc48dce3f326046d59534fb9134c1bbb29 (In reply to comment #4) > (In reply to comment #3) > > (In reply to comment #2) > > Comment 1 says: use template/cluster by-id > > sorry, I missed the template part. When specifying both as ids, the VM gets > created. So is this a duplicate of bug 869334, i guess? indeed, but i prefer keeping it in separate bug for not overloading #869334 3.2 has been released 3.2 has been released 3.2 has been released |