Description of problem: Empty content is returned if REST endpoint /vms/{vmId}/graphicsconsoles/{consoleId} fails. The failure can be unexpected error or event the fact that some admin is already using the console. Version-Release number of selected component (if applicable): 4.0 master, commit d84e51d How reproducible: 100% Steps to Reproduce: For example: 1. Create a VM 2. Create a non-admin user (e.g. aaa-jdbc) 3. Add UserRole permission to the user for the vm 4. Run the vm 5. Connect to vm's console as admin@internal 6. User rest to get vv file as new non-admin user GET /vms/{vmId}/graphicsconsoles/{consoleId} Filter: true Authorization: Basic ... Accept: application/x-virt-viewer Actual results: No content returned in response Expected results: Explanatory error message
Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone.
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Checked on ovirt-engine-restapi-4.0.0.4-0.1.el7ev.noarch Steps: 1) Create VM 2) Created additional non-admin user 3) Grant UserRole permissions to user1 on the VM 4) Run the VM 5) Connect to the VM console via admin user 6) Try to get the VM graphic console via REST with user1 authentification api/vms/5c77c4c9-34af-4ed1-b02b-ea8a4bd58727/graphicsconsoles/7370696365 Headers: Accept: application/x-virt-viewer Authorization: Basic ... Filter: True Response: 500 Internal Server Error I can see under engine.log 2016-06-16 03:36:16,087 DEBUG [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16) [833555c] Found permission '7d35cefb-cc23-46bc-8d01-bf636b34bc58' for user when running 'SetVmTicket', on 'VM' with id '5c77c4c9-34af-4ed1-b02b-ea8a4bd58727' 2016-06-16 03:36:16,089 DEBUG [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16) [833555c] No permission found for user when running action 'SetVmTicket', on object 'VM' for action group 'RECONNECT_TO_VM' with id '5c77c4c9-34af-4ed1-b02b-ea8a4bd58727'. 2016-06-16 03:36:16,089 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16) [833555c] No permission found for user '6e8931e4-8510-4609-87f6-6aa60b19a214' or one of the groups he is member of, when running action 'SetVmTicket', Required permissions are: Action type: 'USER' Action group: 'RECONNECT_TO_VM' Object type: 'VM' Object ID: '5c77c4c9-34af-4ed1-b02b-ea8a4bd58727'. 2016-06-16 03:36:16,089 WARN [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-16) [833555c] Validation of action 'SetVmTicket' failed for user user1@internal-authz. Reasons: VAR__ACTION__SET,VAR__TYPE__VM_TICKET,USER_CANNOT_FORCE_RECONNECT_TO_VM 2016-06-16 03:36:16,091 ERROR [org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource] (default task-16) [] Operation Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Created attachment 1168584 [details] engine log
Nothing on server log I assume?
Behavior described in comment 3 was intended behavior. The event is logged as shown in last line of log snippet: 2016-06-16 03:36:16,091 ERROR [org.ovirt.engine.api.restapi.resource.BackendVmGraphicsConsoleResource] (default task-16) [] Operation Failed: USER_CANNOT_FORCE_RECONNECT_TO_VM and not explained in response since we want to conform with vv file format and vv file doesn't allow reporting errors. Thus the response is empty. @Juan Current status code apparently seems a bit confusing. Do we want to keep 500 or rather distinguish between other errors (500) and the case when user doesn't have sufficient permissions take console other user is connected to (e.g. 403)?
Sorry guys I didn't read "Doc text" like I see behaviour is expected one. So you can move bug ON_QA and I will verify it. Sorry again(
Returning 403 when the user can't take the console looks good to me, please do it.
will get to 4.0.1
Verified on rhevm-4.0.2-0.2.rc1.el7ev.noarch Steps: 1) Create VM 2) Created additional non-admin user 3) Grant UserRole permissions to user1 on the VM 4) Run the VM 5) Connect to the VM console via admin user 6) Try to get the VM graphic console via REST with user1 authentification api/vms/5c77c4c9-34af-4ed1-b02b-ea8a4bd58727/graphicsconsoles/7370696365 Headers: Accept: application/x-virt-viewer Authorization: Basic ... Filter: True Response: 403 Forbidden
Since the problem described in this bug report should be resolved in oVirt 4.0.1 released on July 19th 2016, it has been closed with a resolution of CURRENT RELEASE. For information on the release, and how to update to this release, follow the link below. If the solution does not work for you, open a new bug report. http://www.ovirt.org/release/4.0.1/