Bug 887805

Summary: RHEVM-CLI: 'remove permit' command doesn't work by-id (by-name works fine)
Product: Red Hat Enterprise Virtualization Manager Reporter: Ilia Meerovich <iliam>
Component: ovirt-engine-cliAssignee: Michael Pasternak <mpastern>
Status: CLOSED ERRATA QA Contact: Ilia Meerovich <iliam>
Severity: low Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: aburden, bazulay, cboyle, dyasny, ecohen, iheim, oramraz, Rhev-m-bugs, sgrinber, ykaul
Target Milestone: ---   
Target Release: 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: SF4 Doc Type: Bug Fix
Doc Text:
Previously, 'remove permit' was not processing the '--role-identifier' parameter and would fail without message or error. Now, the command works with identifiers and prints 'accepted' when successfully executed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-10 20:29:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 915537    

Description Ilia Meerovich 2012-12-17 11:52:36 UTC 
Output form Michael's bug repro:

[oVirt shell (connected)]# show role aaa

id            : 1f3724c0-1ada-4e13-aa37-5910c86e14b9
name          : aaa
_Base__context: 140680821593424
administrative: False
mutable       : True

[oVirt shell (connected)]# list permits --role-identifier aaa

id         : 502
name       : manipulate_permissions

id         : 1300
name       : login

[oVirt shell (connected)]# add permit --role-identifier aaa --id 7

id            : 7
name          : connect_to_vm
_Base__context: 140680821593424
administrative: False
role-id       : 1f3724c0-1ada-4e13-aa37-5910c86e14b9

[oVirt shell (connected)]# list permits --role-identifier aaa

id         : 502
name       : manipulate_permissions

id         : 1300
name       : login

id         : 7
name       : connect_to_vm


[oVirt shell (connected)]# remove permit connect_to_vm --role-identifier aaa
[oVirt shell (connected)]# list permits --role-identifier aaa

id         : 502
name       : manipulate_permissions

id         : 1300
name       : login
Comment 1 Michael Pasternak 2012-12-17 11:57:02 UTC 
ilia,

It's not 'list command doesn't work by-id', but 'remove command' and for very
specific use-case - permit.
Comment 2 Michael Pasternak 2012-12-25 14:00:44 UTC 
http://gerrit.ovirt.org/10366
Comment 3 Oded Ramraz 2013-02-06 10:29:30 UTC 
RHEVM shell (connected)]# add permit --role-identifier aaa --id 7

id            : 7
name          : connect_to_vm
administrative: False
role-id       : c92b0f80-5fc8-4b12-94f4-5db34707ccb1

[RHEVM shell (connected)]# remove permit connect_to_vm --role-identifier aaa

accepted.

[RHEVM shell (connected)]# list permits --role-identifier aaa

id         : 301
name       : edit_vm_pool_configuration


Verified sf5
Comment 4 errata-xmlrpc 2013-06-10 20:29:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0890.html