1001992 – Cannot complete tasks which requires 'stage' role in DTGov

Bug 1001992 - Cannot complete tasks which requires 'stage' role in DTGov

Summary: Cannot complete tasks which requires 'stage' role in DTGov

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Fuse Service Works 6
Classification:	JBoss
Component:	DT Governance
Sub Component:
Version:	6.0.0 GA
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	ER3
Target Release:	---
Assignee:	Eric Wittmann
QA Contact:	Jiri Sedlacek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-08-28 09:25 UTC by Stefan Bunciak
Modified:	2015-08-02 23:44 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	SRAMP-236	0	Major	Closed	Missing roles for some users in overlord-idp jaas config	2013-12-02 17:14:11 UTC

Description Stefan Bunciak 2013-08-28 09:25:20 UTC

Description of problem:

org.overlord.sramp.atom.err.SrampAtomException: Permission denied to perform actions "[read]" on path <unknown>

Server stack trace: http://pastebin.test.redhat.com/160778

Version-Release number of selected component (if applicable):


How reproducible:
* Always

Steps to Reproduce:
1. Install DTGov 
2. Create new deployment
3. Complete user tasks of the Release Process to 'Stage' env
4. Log in to DTGov with user 'Scott' (or diferent with role 'stage')

Actual results:

* Cannot list deployments at http://localhost:8080/dtgov-ui/#deployments
* Cannot complete appropriate tasks which requires 'stage' role. User can list the tasks but cannot open task details and complete the task.

Expected results:

* User can complete tasks requireing 'stage' role

Additional info:

* To complete task user probably needs some additional roles associated (admin|sramp). Current configuration doesn't allow to complete task only with roles overlorduser,stage.

Comment 1 JBoss JIRA Server 2013-09-05 18:42:45 UTC

Eric Wittmann <eric.wittmann> updated the status of jira SRAMP-236 to Resolved

Comment 2 JBoss JIRA Server 2013-09-05 18:42:55 UTC

Eric Wittmann <eric.wittmann> updated the status of jira SRAMP-236 to Closed

Comment 3 Eric Wittmann 2013-09-05 18:47:13 UTC

The overlord-idp-roles.properties JAAS configuration file used by the Overlord IDP was missing a critical ModeShape role.  This role was needed so that users could actually perform s-ramp operations.  Without this, parts of DTGov would fail.

The role is:

  admin.sramp

I have added this role to all users in the IDP's jaas config file here:

https://github.com/Governance/overlord-commons/blob/master/overlord-commons-idp/src/main/resources/overlord-idp-roles.properties

Comment 4 Stefan Bunciak 2013-09-10 08:30:36 UTC

The patch probably hasn't maded to ER2 build. I've installed FSW + DTGov 6.0.0.ER2 via instaler and the standalone/configuration/overlord-idp-roles.properties file still contains wrong roles configuration:

admin=overlorduser,overlordadmin
eric=overlorduser,admin.sramp,dev,qa
gary=overlorduser,admin.sramp,dev,qa
kevin=overlorduser,admin.sramp,dev,qa
kurt=overlorduser,admin.sramp,dev,qa
greg=overlorduser,qa
david=overlorduser,qa
scott=overlorduser,stage
phil=overlorduser,prod

Comment 5 Eric Wittmann 2013-09-10 11:47:26 UTC

Note that the fix in community is in the overlord-commons (overlord-commons-idp) project.  I have confirmed that I *did* merge that change into the product branch in github.  So Stefan is probably right - the change didn't make it into ER2...

Comment 6 Stefan Bunciak 2013-09-23 14:24:39 UTC

Verified in FSW 6.0.0.ER3. By default only 1 user is active (admin), others are disabled but roles are properly configured.

Note You need to log in before you can comment on or make changes to this bug.