Bug 1121971 - Can't clone application of additional storage within owner domain by admin/edit member which has no additional storage capability
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Pod
Version: 2.x
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: ---
Assignee: Abhishek Gupta
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks: 1122496
 
Reported: 2014-07-22 09:08 UTC by XiuJuan Wang
Modified: 2015-05-15 00:29 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1122496 (view as bug list)
Environment:
Last Closed: 2014-10-10 00:49:20 UTC
Target Upstream Version:
Embargoed:



Description XiuJuan Wang 2014-07-22 09:08:50 UTC
Description of problem:
Create an application adding additional storage in domain1 for account1.
Add account2 to account1 with admin/edit role. (account2 has no additional storage capability)
Clone this app within domain1 by account2. Will show "account1 has requested more additional gear storage than allowed (max: 0 GB)"

Could add storage to domain1's app by account2.

Version-Release number of selected component (if applicable):
devenv_4992
rhc-1.28.1

How reproducible:
always

Steps to Reproduce:
1. Add account2 to account1 as admin/edit member.
rhc member add account2 -r admin -n domain1

2. Create an application, and add some additional storage.
rhc app create php php-5.3 -n domain1
rhc cartridge-storage php-5.3 -a php --add 10 -n domain1 -l account2

3. Clone this app within domain1 by account2
rhc app create phpc --from-app=domain1/php -n domain1 -l account2

Actual results:
step 3:
]# rhc app create  phpc  --from-app=domain1/php -n domain1 -l account2 
Application Options
-------------------
Domain:     domain1
Cartridges: php-5.3
From app:   php
Gear Size:  Copied from 'php'
Scaling:    no (copied from 'php')

Creating application 'phpc' ... account2 has requested more additional gear storage than allowed (max: 0 GB)

Expected results:
Could clone app of additional storage within owner domain by admin/edit role which has no additional storage capability.

Additional info:

Comment 1 Jordan Liggitt 2014-07-22 13:11:05 UTC
applications_controller in the broker is doing two checks during app creation, based on the user doing the creation, rather than the owner of the domain:

    if (@cloud_user.consumed_gears >= @cloud_user.max_gears)
      return render_error(:unprocessable_entity,
                          "#{@cloud_user.login} has already reached the gear limit of #{@cloud_user.max_gears}",
                          104)
    end


    if (cartridges.map(&:additional_gear_storage).compact.map(&:to_i).max || 0) > @cloud_user.max_storage
      return render_error(:unprocessable_entity,
                          "#{@cloud_user.login} has requested more additional gear storage than allowed (max: #{@cloud_user.max_storage} GB)",
                          166)
    end


Both of these checks are incorrect... the gears and extra storage should be validated against the capabilities of the owner of the domain where the app is being created, not the calling user.

Comment 2 Jordan Liggitt 2014-07-22 13:14:34 UTC
Simply need to validate against @domain.owner.consumed_gears and @domain.owner.max_storage
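
Added example (not part of the original comments and not the origin-server code): a simplified Ruby model of the two quota checks from comment 1, run once against the calling member and once against the domain owner as comment 2 proposes. Account, Domain, quota_error, check_as_member, check_as_owner and all sample accounts are hypothetical; account3 goes beyond the report to show that the member-based check also lets a member with larger limits exceed the owner's quota.

```ruby
# Added illustration; a simplified model, not the origin-server broker code.
# Account, Domain and the function names below are hypothetical.
Account = Struct.new(:login, :consumed_gears, :max_gears, :max_storage)
Domain  = Struct.new(:name, :owner)

# Returns nil when creation is within quota, otherwise [code, message].
# `subject` is the account whose capabilities are being enforced.
def quota_error(subject, requested_storage_gb)
  if subject.consumed_gears >= subject.max_gears
    return [104, "#{subject.login} has already reached the gear limit of #{subject.max_gears}"]
  end
  # Largest additional storage requested by any cartridge, 0 if none asked.
  wanted = requested_storage_gb.compact.map(&:to_i).max || 0
  if wanted > subject.max_storage
    return [166, "#{subject.login} has requested more additional gear storage " \
                 "than allowed (max: #{subject.max_storage} GB)"]
  end
  nil
end

# Behaviour described in comment 1: the calling member's limits are enforced.
def check_as_member(member, _domain, storage)
  quota_error(member, storage)
end

# Behaviour proposed in comment 2: the domain owner's limits are enforced.
def check_as_owner(_member, domain, storage)
  quota_error(domain.owner, storage)
end

# Constructed sample data mirroring the report: account1 owns domain1 and may
# use 10 GB extra storage; account2 is an admin member with no storage capability.
ACCOUNT1 = Account.new("account1", 1, 3, 10)
ACCOUNT2 = Account.new("account2", 0, 3, 0)
DOMAIN1  = Domain.new("domain1", ACCOUNT1)
# Constructed member whose own limits are larger than the owner's.
ACCOUNT3 = Account.new("account3", 0, 16, 30)

if __FILE__ == $PROGRAM_NAME
  [[ACCOUNT2, [10]], [ACCOUNT3, [20]]].each do |member, storage|
    puts "#{member.login} requests #{storage.max} GB in #{DOMAIN1.name}"
    puts "  member check: #{check_as_member(member, DOMAIN1, storage).inspect}"
    puts "  owner check:  #{check_as_owner(member, DOMAIN1, storage).inspect}"
  end
end
```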

Comment 3 Jordan Liggitt 2014-07-22 13:54:58 UTC
Will merge fix in https://github.com/openshift/origin-server/pull/5638

Comment 4 openshift-github-bot 2014-07-22 22:08:39 UTC
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/525547875c4673e2a317c013fd6053ed792c4b58
Bug 1121971: Validate based on domain owner capabilities during app create

Comment 5 XiuJuan Wang 2014-07-23 06:12:41 UTC
Checked on devenv_4998

Can't reproduce this bug. Will verify this bug after on_qa.

Comment 6 XiuJuan Wang 2014-07-24 05:25:18 UTC
Verified on devenv_5003

Move bug to VERIFIED. Thanks!

