Bug 997831

Summary: [origin_ui_73]Could not create any domain scope successfully
Product: OpenShift Online Reporter: Wei Sun <wsun>
Component: MasterAssignee: Clayton Coleman <ccoleman>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.xCC: ccoleman
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-29 12:52:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Wei Sun 2013-08-16 09:23:22 UTC 
Description of problem:
Try to create any domain scope (view,admin,edit),but it failed.It returns "One or more of the scopes you provided are not allowed. Valid scopes are session, read, userinfo, application/:id/view, application/:id/edit, and application/:id/admin."

Version-Release number of selected component (if applicable):
devenv_3660

How reproducible:
Always

Steps to Reproduce:
1.Create a domain
2.Create any domain scope (view,admin,edit)
3.

Actual results:
[wsun@dhcp-8-229 ~]$ curl -k -H 'Accept: application/xml' -u wsun+mem4:change https://ec2-50-17-19-192.compute-1.amazonaws.com/broker/rest/user/authorizations -d scope=domain/520dcf316b80e2db22000004/admin -d note=domainadmin -X POST
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>unprocessable_entity</status>
  <type nil="true"></type>
  <data>
    <datum nil="true"></datum>
  </data>
  <messages>
    <message>
      <severity>error</severity>
      <text>One or more of the scopes you provided are not allowed. Valid scopes are session, read, userinfo, application/:id/view, application/:id/edit, and application/:id/admin.</text>
      <exit-code>194</exit-code>
      <field>scopes</field>
    </message>
  </messages>

Expected results:
Could create domain scopes successfully

Additional info:
Comment 1 Clayton Coleman 2013-08-16 14:00:11 UTC 
This is a config problem.
Comment 2 Clayton Coleman 2013-08-16 14:38:28 UTC 
Fixed in https://github.com/openshift/origin-server/pull/3387 and https://github.com/openshift/li/pull/1824
Comment 3 openshift-github-bot 2013-08-16 16:52:38 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/9d86272aa4ad8491fd02575a957fceb1afb1e46e
Bug 997831 - Domain scope not in Rails config
Comment 4 openshift-github-bot 2013-08-16 18:16:58 UTC 
Commit pushed to master at https://github.com/openshift/li

https://github.com/openshift/li/commit/aa7f046bef49f93298c1be010140bea3c2353fe2
Bug 997831 - Domain scope not in config
Comment 5 Wei Sun 2013-08-19 03:51:34 UTC 
Verified on devenv_3672

Result:
1.[wsun@dhcp-8-229 ~]$ curl -k -H 'Accept: application/xml' -u wsun:changeme https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations -d scope=domain/52118d93ce7bf54c9b000006/admin -d note=domainadmin -X POST
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>created</status>
  <type>authorization</type>
  <data>
    <authorization>
      <token>1aea8cc1f1682ae3f518c4cae8e9b18550927807ece02b7d2d1f57f393274ea8</token>
      <created-at>2013-08-19T03:47:41Z</created-at>
      <expires-in>2592000</expires-in>
      <expires-in-seconds>2592000</expires-in-seconds>
      <note>domainadmin</note>
      <id>5211955dce7bf536fb000057</id>
      <scopes>domain/52118d93ce7bf54c9b000006/admin</scopes>
      <identity>wsun</identity>
      <links>
        <link>
          <rel>Get authorization</rel>
          <method>GET</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/5211955dce7bf536fb000057</href>
          <required-params/>
          <optional-params/>
        </link>
        <link>
          <rel>Update authorization</rel>
          <method>PUT</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/5211955dce7bf536fb000057</href>
          <required-params>
            <param>
              <name>note</name>
              <type>string</type>
              <description>A note to remind you what this token is for.</description>
              <valid-options/>
              <invalid-options/>
            </param>
          </required-params>
          <optional-params/>
        </link>
        <link>
          <rel>Delete authorization</rel>
          <method>DELETE</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/5211955dce7bf536fb000057</href>
          <required-params/>
          <optional-params/>
        </link>
      </links>
    </authorization>
  </data>
  <messages>
    <message>
      <severity>info</severity>
      <text>Create authorization</text>
      <exit-code>0</exit-code>
      <field nil="true"></field>
    </message>
  </messages>
  <version>1.6</version>
  <api-version>1.6</api-version>
  <supported-api-versions>
    <supported-api-version>1.0</supported-api-version>
    <supported-api-version>1.1</supported-api-version>
    <supported-api-version>1.2</supported-api-version>
    <supported-api-version>1.3</supported-api-version>
    <supported-api-version>1.4</supported-api-version>
    <supported-api-version>1.5</supported-api-version>
    <supported-api-version>1.6</supported-api-version>
  </supported-api-versions>
</response>

2.[wsun@dhcp-8-229 ~]$ curl -k -H 'Accept: application/xml' -u wsun:changeme https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations -d scope=domain/52118d93ce7bf54c9b000006/view -d note=domainview -X POST
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>created</status>
  <type>authorization</type>
  <data>
    <authorization>
      <token>b689fb98901799c88bcc208fe3ebc8881a260b1da0db2d992ab3995b9d17ada8</token>
      <created-at>2013-08-19T03:48:01Z</created-at>
      <expires-in>2592000</expires-in>
      <expires-in-seconds>2592000</expires-in-seconds>
      <note>domainview</note>
      <id>52119571ce7bf536fb000058</id>
      <scopes>domain/52118d93ce7bf54c9b000006/view</scopes>
      <identity>wsun</identity>
      <links>
        <link>
          <rel>Get authorization</rel>
          <method>GET</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/52119571ce7bf536fb000058</href>
          <required-params/>
          <optional-params/>
        </link>
        <link>
          <rel>Update authorization</rel>
          <method>PUT</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/52119571ce7bf536fb000058</href>
          <required-params>
            <param>
              <name>note</name>
              <type>string</type>
              <description>A note to remind you what this token is for.</description>
              <valid-options/>
              <invalid-options/>
            </param>
          </required-params>
          <optional-params/>
        </link>
        <link>
          <rel>Delete authorization</rel>
          <method>DELETE</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/52119571ce7bf536fb000058</href>
          <required-params/>
          <optional-params/>
        </link>
      </links>
    </authorization>
  </data>
  <messages>
    <message>
      <severity>info</severity>
      <text>Create authorization</text>
      <exit-code>0</exit-code>
      <field nil="true"></field>
    </message>
  </messages>
  <version>1.6</version>
  <api-version>1.6</api-version>
  <supported-api-versions>
    <supported-api-version>1.0</supported-api-version>
    <supported-api-version>1.1</supported-api-version>
    <supported-api-version>1.2</supported-api-version>
    <supported-api-version>1.3</supported-api-version>
    <supported-api-version>1.4</supported-api-version>
    <supported-api-version>1.5</supported-api-version>
    <supported-api-version>1.6</supported-api-version>
  </supported-api-versions>
</response>

3.[wsun@dhcp-8-229 ~]$ curl -k -H 'Accept: application/xml' -u wsun:changeme https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations -d scope=domain/52118d93ce7bf54c9b000006/edit -d note=domainedit -X POST
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>created</status>
  <type>authorization</type>
  <data>
    <authorization>
      <token>961585024559fc4b468d31aeffe276111979a3b021ad1f2689f6dbcc2819ed63</token>
      <created-at>2013-08-19T03:48:24Z</created-at>
      <expires-in>2592000</expires-in>
      <expires-in-seconds>2592000</expires-in-seconds>
      <note>domainedit</note>
      <id>52119588ce7bf536fb000059</id>
      <scopes>domain/52118d93ce7bf54c9b000006/edit</scopes>
      <identity>wsun</identity>
      <links>
        <link>
          <rel>Get authorization</rel>
          <method>GET</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/52119588ce7bf536fb000059</href>
          <required-params/>
          <optional-params/>
        </link>
        <link>
          <rel>Update authorization</rel>
          <method>PUT</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/52119588ce7bf536fb000059</href>
          <required-params>
            <param>
              <name>note</name>
              <type>string</type>
              <description>A note to remind you what this token is for.</description>
              <valid-options/>
              <invalid-options/>
            </param>
          </required-params>
          <optional-params/>
        </link>
        <link>
          <rel>Delete authorization</rel>
          <method>DELETE</method>
          <href>https://ec2-184-73-128-146.compute-1.amazonaws.com/broker/rest/user/authorizations/52119588ce7bf536fb000059</href>
          <required-params/>
          <optional-params/>
        </link>
      </links>
    </authorization>
  </data>
  <messages>
    <message>
      <severity>info</severity>
      <text>Create authorization</text>
      <exit-code>0</exit-code>
      <field nil="true"></field>
    </message>
  </messages>
  <version>1.6</version>
  <api-version>1.6</api-version>
  <supported-api-versions>
    <supported-api-version>1.0</supported-api-version>
    <supported-api-version>1.1</supported-api-version>
    <supported-api-version>1.2</supported-api-version>
    <supported-api-version>1.3</supported-api-version>
    <supported-api-version>1.4</supported-api-version>
    <supported-api-version>1.5</supported-api-version>
    <supported-api-version>1.6</supported-api-version>
  </supported-api-versions>
</response>