Bug 1100321 - [AAA] REST API request - add user different from admin to internal domain passed
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: ---
Target Release: 3.5.0
Assignee: Yair Zaslavsky
QA Contact: Ondra Machacek
URL:
Whiteboard: infra
Duplicates: 1015856
Depends On:
Blocks:
Reported: 2014-05-22 14:19 UTC by Yuri Obshansky
Modified: 2016-02-10 19:16 UTC

Fixed In Version: org.ovirt.engine-root-3.5.0-14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-17 17:12:51 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 33704 0 ovirt-engine-3.5 MERGED aaa: Changing search logic at internal authz Never

Description Yuri Obshansky 2014-05-22 14:19:46 UTC
Description of problem:
REST API request - add user different from admin to internal domain passed
instead of failed 

Version-Release number of selected component (if applicable):
Build: 3.4.0-0.16.rc.el6ev
OS Version: RHEL - 6Server - 6.5.0.1.el6
Kernel Version: 2.6.32 - 431.17.1.el6.x86_64
KVM Version: 0.12.1.2 - 2.415.el6_5.9
LIBVIRT Version: libvirt-0.10.2-29.el6_5.7
VDSM Version: vdsm-4.14.7-0.2.rc.el6ev

How reproducible:
Run the REST API request and take a look at the response

Steps to Reproduce:
1. *Request:*
POST https://****/api/users/
POST data:
<user>
        <user_name>scale-1@internal</user_name>
        <roles>
            <role>
                <name>UserVmManager</name>
            </role>
            <role id="def00006-0000-0000-0000-def000000006"/>
        </roles>
</user>
2. *Response:*
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<user href="/api/users/fdfc627c-d875-11e0-90f0-83df133b58cc"
id="fdfc627c-d875-11e0-90f0-83df133b58cc">
      <name>admin</name>
      <link
href="/api/users/fdfc627c-d875-11e0-90f0-83df133b58cc/permissions"
rel="permissions"/>
      <link href="/api/users/fdfc627c-d875-11e0-90f0-83df133b58cc/roles"
rel="roles"/>
      <link href="/api/users/fdfc627c-d875-11e0-90f0-83df133b58cc/tags"
rel="tags"/>
      <domain href="/api/domains/696e7465-726e-616c-696e-7465726e616c"
id="696e7465-726e-616c-696e-7465726e616c"/>
      <user_name>admin@internal</user_name>
</user>
3.

Actual results:
Passed

Expected results:
*Response:*
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<fault>
       <reason>Operation Failed</reason>
       <detail>Entity not found:scale-1@internal</detail>
</fault>

Additional info:

Comment 1 Juan Hernández 2014-05-22 14:27:55 UTC
When the RESTAPI receives this request it creates a query to search for the user, and the query is ignored by the "internal" directory; it always returns the "admin" user. I'm changing the bug to the backend component.

Comment 2 Oved Ourfali 2014-05-25 11:06:52 UTC
Yair - what's the best way you think this should be addressed?
Currently targeting that to 3.6, unless you say the fix is trivial.

Comment 3 Yair Zaslavsky 2014-05-25 12:15:42 UTC
(In reply to Oved Ourfali from comment #2)
> Yair - what's the best way you think this should be addressed?
> Currently targeting that to 3.6, unless you say the fix is trivial.

I remind you that the implementation for internal broker was that search always returns the Admin user.

We can think of some fix that only if I search for a pattern that matches "admin" then a user will be returned.

Not sure how much worth the hassle though.
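
A small model of the behaviour discussed in comments 1 and 3, added here as an illustration and not taken from ovirt-engine: a search that ignores its query resolves any requested name to admin, while a search that matches the pattern faults for unknown names. All function names, the `*` wildcard handling and the case-insensitive comparison are assumptions of this sketch.

```python
from fnmatch import fnmatchcase

# Constructed model: the "internal" directory holds a single principal.
INTERNAL_USERS = [{"name": "admin", "domain": "internal"}]


class EntityNotFound(Exception):
    """Stands in for the REST <fault> with detail 'Entity not found'."""


def search_ignoring_query(pattern):
    # Behaviour described in comments 1 and 3: the query is never consulted.
    return list(INTERNAL_USERS)


def search_matching_query(pattern):
    # Proposed behaviour: return admin only when the pattern matches its name.
    # Wildcards and case folding are assumptions of this model.
    return [u for u in INTERNAL_USERS
            if fnmatchcase(u["name"].lower(), pattern.lower())]


def add_user(user_name, search):
    """Resolve 'name@internal' through `search`; return the entity found."""
    name, _, domain = user_name.rpartition("@")
    if not name or domain != "internal":
        raise EntityNotFound(user_name)
    found = search(name)
    if not found:
        raise EntityNotFound(user_name)
    return "{name}@{domain}".format(**found[0])


def lookup_is_sound(user_name, search):
    """Regression check: True if the requested user (or a fault) comes back,
    False if a different principal is returned in its place."""
    try:
        return add_user(user_name, search).lower() == user_name.lower()
    except EntityNotFound:
        return True


if __name__ == "__main__":
    for fn in (search_ignoring_query, search_matching_query):
        print(fn.__name__, lookup_is_sound("scale-1@internal", fn))
```

A check like `lookup_is_sound` is the useful part for API tests: comparing the returned `user_name` with the requested one catches this class of bug even when the HTTP call itself succeeds.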

Comment 4 Oved Ourfali 2014-05-25 12:19:50 UTC
(In reply to Yair Zaslavsky from comment #3)
> (In reply to Oved Ourfali from comment #2)
> > Yair - what's the best way you think this should be addressed?
> > Currently targeting that to 3.6, unless you say the fix is trivial.
> 
> I remind you that the implementation for internal broker was that search
> always returns the Admin user.
> 
> We can think of some fix that only if I search for a pattern that matches
> "admin" then a user will be returned.
> 
> Not sure how much worth the hassle though.

Moving to 3.6.0 in the meantime.

Comment 5 Juan Hernández 2014-06-20 16:20:20 UTC
*** Bug 1015856 has been marked as a duplicate of this bug. ***

Comment 6 Eyal Edri 2014-10-07 07:12:36 UTC
This bug's status was moved to MODIFIED before engine vt5 was built,
hence moving to on_qa. If this was a mistake and the fix isn't in,
please contact rhev-integ.

Comment 7 Ondra Machacek 2014-10-22 07:55:26 UTC
curl -k -X POST -H "Accept: application/xml" -H "Content-Type: application/xml" -H "Filter: $filter" -d "<user><domain><name>internal</name></domain><user_name>vdcalladmin</user_name></user>" -u $U $URL/users


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<fault>
    <reason>Operation Failed</reason>
    <detail>Entity not found: ADUSER@internal:: username=vdcalladmin</detail>
</fault>

Comment 8 Eyal Edri 2015-02-17 17:12:51 UTC
rhev 3.5.0 was released. closing.

