Description of problem: When trying to create a rhev compute resource with non-admin RHEV user, the following error occurs: "query execution failed due to insufficient permissions." The reason for this is the RHEV needs to be called with 'Filter: true' headers for the api to work correctly with non-admin user. The rbovirt client library supports to specify the filtered_api option, but fog and foreman don't have a support for that https://github.com/abenari/rbovirt/blob/a7c277e3fc5698e55e95a9432997b1a9c8d486ae/lib/rbovirt.rb#L54-L55
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Created redmine issue http://projects.theforeman.org/issues/6835 from this bug
Upstream bug component is Compute Resources
Still not working properly in current release. foreman-ovirt-1.9.2-1.el6.noarch ruby193-rubygem-rbovirt-0.0.35-1.el6.noarch 2015-11-02 10:29:17,126 DEBUG [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-9) Found permission fbcb73a0-226e-49d4-9e7a-01c665127a07 for user when running LoginUser, on Bottom with id bbb00000-0000-0000-0000-123456789bbb 2015-11-02 10:29:17,128 DEBUG [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-9) Checking if user testuser is an admin, result false 2015-11-02 10:29:17,129 INFO [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-9) Running command: LoginUserCommand(LoginName = null, ProfileName = netbulae.test, AuthRecord = {Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=testuser}, IsAdmin = false, ActionType = LoginUser, AuthType = CREDENTIALS) internal: false. 2015-11-02 10:29:17,132 TRACE [org.ovirt.engine.core.bll.GetConfigurationValueQuery] (ajp--127.0.0.1-8702-9) START, GetConfigurationValueQuery(version: general, configuration value: ApplicationMode, refresh: false, filtered: false), log id: 438b23b5 2015-11-02 10:29:17,134 TRACE [org.ovirt.engine.core.bll.GetConfigurationValueQuery] (ajp--127.0.0.1-8702-9) FINISH, GetConfigurationValueQuery, log id: 438b23b5 2015-11-02 10:29:17,134 TRACE [org.ovirt.engine.core.bll.aaa.GetValueBySessionQuery] (ajp--127.0.0.1-8702-9) START, GetValueBySessionQuery(refresh: false, filtered: false), log id: 63d562b7 2015-11-02 10:29:17,135 TRACE [org.ovirt.engine.core.bll.aaa.GetValueBySessionQuery] (ajp--127.0.0.1-8702-9) FINISH, GetValueBySessionQuery, log id: 63d562b7 2015-11-02 10:29:17,136 TRACE [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-9) START, SearchQuery(search type: StoragePool, search pattern: [Datacenter : ], case sensitive: true [from: 0, max: -1] refresh: true, filtered: false), log id: 4e440f95 2015-11-02 10:29:17,138 ERROR [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-9) Query execution failed due to insufficient permissions.
Upstream bug assigned to mhulan
After consulting with oVirt developers it turned out that admin-level roles are required. It does not mean that the user account would require superadmin privileges. The set of permission required is documented at http://www.theforeman.org/manuals/1.11/#5.2.7oVirt/RHEVNotes