Bug 1025691 - Can't add/remove members to domain with admin domain token which is generated by domain owner or admin member
Can't add/remove members to domain with admin domain token which is generat...
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Command Line Interface (Show other bugs)
2.x
Unspecified Unspecified
medium Severity high
: ---
: ---
Assigned To: Jessica Forrester
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-01 06:08 EDT by XiuJuan Wang
Modified: 2015-05-14 22:26 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-23 22:28:27 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description XiuJuan Wang 2013-11-01 06:08:36 EDT
Description of problem:

Generate an admin domain token with domain owner or admin member, and try to  add/remove members to a  domain with domain admin token,
it will fail and show "There is no account with login xx".

Version-Release number of selected component (if applicable):
rhc 1.16.8
devenv-stage_546

How reproducible:
always

Steps to Reproduce:
1.create admin domain token with domain owner or admin member
2.Check authorization of this user
3.Add member with a exist account to a domain use domain admin token
4.list members of this user
5.remove a exist member from domain with --token

Actual results:
1.[wxj@wangxiuj]$ rhc authorization-add --scopes domain/52731fff0da65753c2000010/admin --note admin-token
Adding authorization ... done

admin-token
-----------
  Token:      666bd9d6117d714ce8008557f43442e04ec446c34370871ada5346dcd4feb7d6
  Scopes:     domain/52731fff0da65753c2000010/admin
  Created:    5:39 PM
  Expires In: about 6 months
2.[wxj@wangxiuj]$ rhc authorization
admin-token
-----------
  Token:      d1860a56c558b17f858a3b003caf69cb2381d8f18062983195be59a32aec27df
  Scopes:     domain/52734d020da6578e510001ec/admin
  Created:    5:42 PM
  Expires In: about 6 months
3.[wxj@wangxiuj]$ rhc add-member xiuwang+3 -r admin -n xiu --token  d1860a56c558b17f858a3b003caf69cb2381d8f18062983195be59a32aec27df
Adding 1 administrator to domain ... There is no account with login xiuwang+3.

4.[wxj@wangxiuj]$ rhc member-list -n xiu
Login                Role
-------------------- -------------
xiuwang+2@redhat.com admin (owner)
xiuwang+1@redhat.com edit
5.[wxj@wangxiuj]$ rhc member-remove xiuwang+1@redhat.com -n xiu --token d1860a56c558b17f858a3b003caf69cb2381d8f18062983195be59a32aec27df
Removing 1 member from domain ... There is no account with login xiuwang+1@redhat.com.


Expected results:
should add/remove members successfully

Additional info:
Comment 1 Clayton Coleman 2013-11-01 14:56:35 EDT
Will fix for 2.0, does not block sprint 35 exit
Comment 2 Jessica Forrester 2013-11-11 13:57:18 EST
Fix is in https://github.com/openshift/origin-server/pull/4122
Comment 3 openshift-github-bot 2013-11-11 17:11:20 EST
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/9fbbddb6afa37a02a1e78f6eb75aa9f652a35b48
Bug 1025691 - can't add member to a domain when authenticate with token
Comment 4 XiuJuan Wang 2013-11-12 04:37:23 EST
denenv_4022
lastest rhc build from the server

Now this problem works well

[wxj@wangxiuj .openshift]$ rhc member-add xiuwang+3 -n cat -r admin  --token 892c263cead20d3abd1683829dfaade597b8ad34f77a3401ab7d43201375cba7
Adding 1 administrator to domain ... done

Note You need to log in before you can comment on or make changes to this bug.