Bug 1023408 - The return message is improper when trying to delete the owner of the domain
The return message is improper when trying to delete the owner of the domain
Status: CLOSED WONTFIX
Product: OpenShift Online
Classification: Red Hat
Component: Master (Show other bugs)
2.x
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: Jordan Liggitt
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-25 07:16 EDT by Qiushui Zhang
Modified: 2015-05-14 20:56 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-20 10:46:20 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Qiushui Zhang 2013-10-25 07:16:51 EDT
Description of problem:
Try to delete the owner of the domain with rest api.
1. Using "PATCH" and "POST" will get the same result:
curl -k -H "Accept: application/xml" --user qiuzhang@redhat.com:redhat https://int.openshift.redhat.com/broker/rest/domain/qiuzhang/members -d role=none -d id=5260b12503ef64cdce0000a9 -X PATCH

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>ok</status>
  <type>members</type>
  <data>
    <member>
      <type>user</type>
      <login>qiuzhang@redhat.com</login>
      <id>5260b12503ef64cdce0000a9</id>
      <role>admin</role>
      <explicit-role nil="true"></explicit-role>
      <from>
        <from>
          <type>owner</type>
          <role>admin</role>
        </from>
      </from>
      <owner>true</owner>
    </member>
  </data>
  <messages>
    <message>
      <severity>info</severity>
      <text>Removed 1 member.</text>
      <exit-code>0</exit-code>
      <field nil="true"></field>
      <index nil="true"></index>
    </message>
  </messages>
  <version>1.6</version>
  <api-version>1.6</api-version>
  <supported-api-versions>
    <supported-api-version>1.0</supported-api-version>
    <supported-api-version>1.1</supported-api-version>
    <supported-api-version>1.2</supported-api-version>
    <supported-api-version>1.3</supported-api-version>
    <supported-api-version>1.4</supported-api-version>
    <supported-api-version>1.5</supported-api-version>
    <supported-api-version>1.6</supported-api-version>
  </supported-api-versions>
</response>


2. If using "DELETE" method,
curl -k -H "Accept: application/xml" --user qiuzhang@redhat.com:redhat https://int.openshift.redhat.com/broker/rest/domain/qiuzhang/member/5260b12503ef64cdce0000a9 -X DELETE

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>ok</status>
  <type>member</type>
  <data>
    <member>
      <type>user</type>
      <login>qiuzhang@redhat.com</login>
      <id>5260b12503ef64cdce0000a9</id>
      <role>admin</role>
      <explicit-role nil="true"></explicit-role>
      <from>
        <from>
          <type>owner</type>
          <role>admin</role>
        </from>
      </from>
      <owner>true</owner>
    </member>
  </data>
  <messages>
    <message>
      <severity>info</severity>
      <text>The member qiuzhang@redhat.com is no longer directly granted a role.</text>
      <exit-code>132</exit-code>
      <field nil="true"></field>
      <index nil="true"></index>
    </message>
  </messages>
  <version>1.6</version>
  <api-version>1.6</api-version>
  <supported-api-versions>
    <supported-api-version>1.0</supported-api-version>
    <supported-api-version>1.1</supported-api-version>
    <supported-api-version>1.2</supported-api-version>
    <supported-api-version>1.3</supported-api-version>
    <supported-api-version>1.4</supported-api-version>
    <supported-api-version>1.5</supported-api-version>
    <supported-api-version>1.6</supported-api-version>
  </supported-api-versions>
</response>


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
1. For the PATCH method, the exit code is 0 and the return message is "Removed 1 member". Actually, the owner can NOT be deleted. The command could not be return as successfully.

2. For DELETE method, the return message "The member qiuzhang@redhat.com is no longer directly granted a role" is confusing.

As a result of the rest api improper result, the rhc client will always return "done".

Expected results:
The rest api returns result according to the actual result correctly.

Additional info:
Comment 1 Qiushui Zhang 2013-10-25 07:24:51 EDT
It happens on INT (devenv_3942).
Comment 2 Jordan Liggitt 2013-10-25 08:49:57 EDT
Membership can occur directly or indirectly. Currently, the only way membership can be granted indirectly is that the domain owner always has admin access. In the future, giving a group access to a domain would give all the members of the group indirect access to the domain.

The message returned from DELETE is correct.
Comment 3 Lili Nader 2013-10-28 01:06:09 EDT
Is removing the owner of a domain allowed?
Comment 4 Jordan Liggitt 2013-10-28 09:14:15 EDT
DELETE will return a 200 on any user id if the end result is that the user does not have an explicit membership on the domain (either because they didn't have one, or because we successfully removed it).

Removing the explicit membership for the domain owner (if there is one) is allowed. The owner will still have access by virtue of them being the owner. This mirrors the eventual behavior we will have around groups.

Note You need to log in before you can comment on or make changes to this bug.