Bug 1001992 - Cannot complete tasks which requires 'stage' role in DTGov
Cannot complete tasks which requires 'stage' role in DTGov
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: DT Governance (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity urgent
: ER3
: ---
Assigned To: Eric Wittmann
Jiri Sedlacek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-28 05:25 EDT by Stefan Bunciak
Modified: 2015-08-02 19:44 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SRAMP-236 Major Closed Missing roles for some users in overlord-idp jaas config 2013-12-02 12:14:11 EST

  None (edit)
Description Stefan Bunciak 2013-08-28 05:25:20 EDT
Description of problem:

org.overlord.sramp.atom.err.SrampAtomException: Permission denied to perform actions "[read]" on path <unknown>

Server stack trace: http://pastebin.test.redhat.com/160778

Version-Release number of selected component (if applicable):


How reproducible:
* Always

Steps to Reproduce:
1. Install DTGov 
2. Create new deployment
3. Complete user tasks of the Release Process to 'Stage' env
4. Log in to DTGov with user 'Scott' (or diferent with role 'stage')

Actual results:

* Cannot list deployments at http://localhost:8080/dtgov-ui/#deployments
* Cannot complete appropriate tasks which requires 'stage' role. User can list the tasks but cannot open task details and complete the task.

Expected results:

* User can complete tasks requireing 'stage' role

Additional info:

* To complete task user probably needs some additional roles associated (admin|sramp). Current configuration doesn't allow to complete task only with roles overlorduser,stage.
Comment 1 JBoss JIRA Server 2013-09-05 14:42:45 EDT
Eric Wittmann <eric.wittmann@redhat.com> updated the status of jira SRAMP-236 to Resolved
Comment 2 JBoss JIRA Server 2013-09-05 14:42:55 EDT
Eric Wittmann <eric.wittmann@redhat.com> updated the status of jira SRAMP-236 to Closed
Comment 3 Eric Wittmann 2013-09-05 14:47:13 EDT
The overlord-idp-roles.properties JAAS configuration file used by the Overlord IDP was missing a critical ModeShape role.  This role was needed so that users could actually perform s-ramp operations.  Without this, parts of DTGov would fail.

The role is:

  admin.sramp

I have added this role to all users in the IDP's jaas config file here:

https://github.com/Governance/overlord-commons/blob/master/overlord-commons-idp/src/main/resources/overlord-idp-roles.properties
Comment 4 Stefan Bunciak 2013-09-10 04:30:36 EDT
The patch probably hasn't maded to ER2 build. I've installed FSW + DTGov 6.0.0.ER2 via instaler and the standalone/configuration/overlord-idp-roles.properties file still contains wrong roles configuration:

admin=overlorduser,overlordadmin
eric=overlorduser,admin.sramp,dev,qa
gary=overlorduser,admin.sramp,dev,qa
kevin=overlorduser,admin.sramp,dev,qa
kurt=overlorduser,admin.sramp,dev,qa
greg=overlorduser,qa
david=overlorduser,qa
scott=overlorduser,stage
phil=overlorduser,prod
Comment 5 Eric Wittmann 2013-09-10 07:47:26 EDT
Note that the fix in community is in the overlord-commons (overlord-commons-idp) project.  I have confirmed that I *did* merge that change into the product branch in github.  So Stefan is probably right - the change didn't make it into ER2...
Comment 6 Stefan Bunciak 2013-09-23 10:24:39 EDT
Verified in FSW 6.0.0.ER3. By default only 1 user is active (admin), others are disabled but roles are properly configured.

Note You need to log in before you can comment on or make changes to this bug.