Description of problem:
Create an application adding additional storage in domain1 for account1. Add account2 to account1 with admin/edit role (account2 has no additional storage capability). Clone this app within domain1 by account2. Will show "account1 has requested more additional gear storage than allowed (max: 0 GB)".
Could add storage to domain1's app by account2.

Version-Release number of selected component (if applicable):
devenv_4992
rhc-1.28.1

How reproducible:
always

Steps to Reproduce:
1. Add account2 to account1 as admin/edit member.
    rhc member add account2 -r admin -n domain1
2. Create an application, and add some additional storage.
    rhc app create php php-5.3 -n domain1
    rhc cartridge-storage php-5.3 -a php --add 10 -n domain1 -l account2
3. Clone this app within domain1 by account2.
    rhc app create phpc --from-app=domain1/php -n domain1 -l account2

Actual results:
step 3:
    ]# rhc app create phpc --from-app=domain1/php -n domain1 -l account2
    Application Options
    -------------------
    Domain:     domain1
    Cartridges: php-5.3
    From app:   php
    Gear Size:  Copied from 'php'
    Scaling:    no (copied from 'php')

    Creating application 'phpc' ...
    account2 has requested more additional gear storage than allowed (max: 0 GB)

Expected results:
Could clone app of additional storage within owner domain by admin/edit role which has no additional storage capability.

Additional info:
applications_controller in the broker is doing two checks during app creation, based on the user doing the creation, rather than the owner of the domain:

    if (@cloud_user.consumed_gears >= @cloud_user.max_gears)
      return render_error(:unprocessable_entity, "#{@cloud_user.login} has already reached the gear limit of #{@cloud_user.max_gears}", 104)
    end

    if (cartridges.map(&:additional_gear_storage).compact.map(&:to_i).max || 0) > @cloud_user.max_storage
      return render_error(:unprocessable_entity, "#{@cloud_user.login} has requested more additional gear storage than allowed (max: #{@cloud_user.max_storage} GB)", 166)
    end

Both of these checks are incorrect... the gears and extra storage should be validated against the capabilities of the owner of the domain where the app is being created, not the calling user.
Simply need to validate against @domain.owner.consumed_gears and @domain.owner.max_storage
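
The two checks from the comments above, evaluated once against the calling user and once against the domain owner. This is an added example, not the broker's code or the merged fix; the Struct models, the check_* helpers and the account values are constructed for illustration, and only the limit logic, messages and exit codes 104/166 come from the snippet quoted in this bug.

```ruby
# Constructed stand-ins for the broker models; only the fields the checks read.
CloudUser = Struct.new(:login, :consumed_gears, :max_gears, :max_storage)
Domain    = Struct.new(:name, :owner)
Cartridge = Struct.new(:name, :additional_gear_storage)

# Returns nil when creation may proceed, or [exit_code, message] when rejected.
# quota_holder is the account whose capabilities are charged for the new app.
def check_limits(quota_holder, cartridges)
  if quota_holder.consumed_gears >= quota_holder.max_gears
    return [104, "#{quota_holder.login} has already reached the gear limit " \
                 "of #{quota_holder.max_gears}"]
  end
  requested = cartridges.map(&:additional_gear_storage).compact.map(&:to_i).max || 0
  if requested > quota_holder.max_storage
    return [166, "#{quota_holder.login} has requested more additional gear " \
                 "storage than allowed (max: #{quota_holder.max_storage} GB)"]
  end
  nil
end

# Behaviour reported in this bug: limits are read from the calling user.
def check_as_caller(caller, _domain, cartridges)
  check_limits(caller, cartridges)
end

# Behaviour proposed above: limits are read from the owner of the target domain.
def check_as_owner(_caller, domain, cartridges)
  check_limits(domain.owner, cartridges)
end

# Constructed scenario from the report: account1 owns domain1 and may use
# 10 GB of extra storage; account2 is an admin member with max_storage 0.
ACCOUNT1 = CloudUser.new("account1", 1, 3, 10)
ACCOUNT2 = CloudUser.new("account2", 0, 3, 0)
DOMAIN1  = Domain.new("domain1", ACCOUNT1)
CLONE    = [Cartridge.new("php-5.3", "10")]

# Constructed second scenario: the owner has no gears left, the member does.
FULL_OWNER  = CloudUser.new("account1", 3, 3, 10)
FULL_DOMAIN = Domain.new("domain1", FULL_OWNER)
PLAIN       = [Cartridge.new("php-5.3", nil)]

if __FILE__ == $PROGRAM_NAME
  p check_as_caller(ACCOUNT2, DOMAIN1, CLONE)      # rejected with code 166
  p check_as_owner(ACCOUNT2, DOMAIN1, CLONE)       # allowed
  p check_as_caller(ACCOUNT2, FULL_DOMAIN, PLAIN)  # allowed despite a full owner
  p check_as_owner(ACCOUNT2, FULL_DOMAIN, PLAIN)   # rejected with code 104
end
```

The second scenario shows the other side of the same mistake: a caller-based check also lets a member create gears in a domain whose owner is already at the gear limit.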
Will merge fix in https://github.com/openshift/origin-server/pull/5638
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/525547875c4673e2a317c013fd6053ed792c4b58
Bug 1121971: Validate based on domain owner capabilities during app create
Checked on devenv_4998
Can't reproduce this bug. Will verify this bug after on_qa.
Verified on devenv_5003
Move bug to VERIFIED. Thanks!