+++ This bug was initially created as a clone of Bug #1121971 +++ Description of problem: Create an application adding addition storage in domain1 for account1. Add account2 to account1 with admin/edit role.(account2 has no additional storage capability) Clone this app within domain1 by account2.Will show "account1 has requested more additional gear storage than allowed (max: 0 GB)" Could add storage to domain1's app by account2. Version-Release number of selected component (if applicable): devenv_4992 rhc-1.28.1 How reproducible: always Steps to Reproduce: 1.Add account2 to account1 as admin/edit member. rhc member add account2 -r admin -n domain1 2.Create an application, and add some additional storage. rhc app create php php-5.3 -n domain1 rhc cartridge-storage php-5.3 -a php --add 10 -n domain1 -l account2 3.Clone this app within domain1 by account2 rhc app create phpc --from-app=domain1/php -n domain1 -l account2 Actual results: step 3: ]# rhc app create phpc --from-app=domain1/php -n domain1 -l account2 Application Options ------------------- Domain: domain1 Cartridges: php-5.3 From app: php Gear Size: Copied from 'php' Scaling: no (copied from 'php') Creating application 'phpc' ... account2 has requested more additional gear storage than allowed (max: 0 GB) Expected results: Could clone app of additional storage within owner domain by admin/edit role which has no additional storage capability. Additional info: --- Additional comment from Jordan Liggitt on 2014-07-22 09:11:05 EDT --- applications_controller in the broker is doing two checks during app creation, based on the user doing the creation, rather than the owner of the domain: if (@cloud_user.consumed_gears >= @cloud_user.max_gears) return render_error(:unprocessable_entity, "#{@cloud_user.login} has already reached the gear limit of #{@cloud_user.max_gears}", 104) end if (cartridges.map(&:additional_gear_storage).compact.map(&:to_i).max || 0) > @cloud_user.max_storage return render_error(:unprocessable_entity, "#{@cloud_user.login} has requested more additional gear storage than allowed (max: #{@cloud_user.max_storage} GB)", 166) end Both of these checks are incorrect... the gears and extra storage should be validated against the capabilities of the owner of the domain where the app is being created, not the calling user. --- Additional comment from Jordan Liggitt on 2014-07-22 09:14:34 EDT --- Simply need to validate against @domain.owner.consumed_gears and @domain.owner.max_storage --- Additional comment from Jordan Liggitt on 2014-07-22 09:54:58 EDT --- Will merge fix in https://github.com/openshift/origin-server/pull/5638 --- Additional comment from openshift-github-bot on 2014-07-22 18:08:39 EDT --- Commit pushed to master at https://github.com/openshift/origin-server https://github.com/openshift/origin-server/commit/525547875c4673e2a317c013fd6053ed792c4b58 Bug 1121971: Validate based on domain owner capabilities during app create --- Additional comment from XiuJuan Wang on 2014-07-23 02:12:41 EDT --- Checked on devenv_4998 Can't reproduce this bug.Will verify this bug after on_qa.
Upstream commit: commit 525547875c4673e2a317c013fd6053ed792c4b58 Author: Jordan Liggitt <jliggitt> Date: Tue Jul 22 09:16:31 2014 -0400 Bug 1121971: Validate based on domain owner capabilities during app create
Check on puddle[2.1.5/2014-08-01.1] 1.Create an app with xiaom #rhc app create phps php-5.4 -s -l xiaom -n xiaom 2.add user 'xiama' to domain 'xiaom' #rhc member add xiama -n xiaom -r admin 3.set max tracked storage for xiaom #oo-admin-ctl-user -l xiaom --setmaxtrackedstorage 20 4.add storage for app with xiama rhc cartridge storage php --set 10 -a phps -l xiama 5.clone a new app from phps #rhc app create phpc --from-app xiaom/phps -l xiama The app is created successfully! so move the issue to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1095.html