Red Hat Bugzilla – Bug 1012592
RBAC: deployer role can't create new deployment
Last modified: 2013-12-15 11:15:10 EST
The deployer role can't create (upload to content repository) new deployment. By the name of this role I would expect that at least global deployer is able to do so.
If you have the low level op details, that would be helpful, as this sounds more like a server-side problem.
Brian: unfortunately that's all I've got. You will have to ask Heiko about what is going on under the hood
WFLY-1916 seems to indicate the opposite problem from the description of this one.
No matter, though. I'm going to assume this is a server-side constraints issue and dig into it. I'd change the component to Domain Management but don't want to screw up the flags.
Why do you think it's the opposite of WFLY-1916?
(In reply to Heiko Braun from comment #4)
> Why do you think it's the opposite of WFLY-1916?
The comment on WFLY-1916 implies the global deployment resources are OK but you had an issue with the server-group resources:
"the deplyer requires write access to:
But currently only the later seems to be given."
This description of this BZ discusses file uploads, which relates to the global level.
So not really the opposite, just different.
You assigned this to yourself but I'll look into it anyway. This general area could stand a bit more testing, so not a waste.
I was looking into Deployer role perms a bit and I discovered that actually the upload ops were insufficiently restrictive, not overly restrictive. That is, any role could upload content to the deployment repo and get back a hash for that content. That is, use the upload-deployment-[bytes|stream|url] ops. That's different from being able to create a deployment=xxx resource referencing that content though.
https://github.com/bstansberry/wildfly/commits/WFLY-2179 has the fix (and test) for that. Before I send a PR for that though I'd like to know it doesn't break the console.
accidentally removed the blocker
Moving back to ASSIGNED (https://docspace.corp.redhat.com/docs/DOC-154626).
There's no PR to eap 6.x github repo https://github.com/jbossas/jboss-eap/
The umbrella issue 1014047 is available now.