Bug 1310541 - SuperUser permit returns 'operation failed'
SuperUser permit returns 'operation failed'
Product: ovirt-engine
Classification: oVirt
Component: Backend.Core (Show other bugs)
Unspecified Unspecified
unspecified Severity medium (vote)
: ovirt-3.6.3
Assigned To: Martin Sivák
Nelly Credi
: Automation, Regression
Depends On:
  Show dependency treegraph
Reported: 2016-02-22 03:07 EST by Nelly Credi
Modified: 2016-03-11 02:24 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-03-11 02:24:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: SLA
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑3.6.z+
rule-engine: blocker+
mgoldboi: planning_ack+
dfediuck: devel_ack+
rule-engine: testing_ack+

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 53885 ovirt-engine-3.6 MERGED core: Added Roles and groups for cpu profiling 2016-02-23 08:13 EST
oVirt gerrit 53910 refs/tags/ovirt-engine-3.6.3 ABANDONED core: Added Roles and groups for cpu profiling 2016-02-23 08:43 EST
oVirt gerrit 53912 ovirt-engine-3.6.3 MERGED core: Added Roles and groups for cpu profiling 2016-02-23 13:13 EST

  None (edit)
Description Nelly Credi 2016-02-22 03:07:58 EST
Description of problem:

SuperUser - when accessing the permit href we get operation failed 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
2.returns: <roles>
<role href="/api/roles/00000000-0000-0000-0000-000000000001" id="00000000-0000-0000-0000-000000000001">
<description>Roles management administrator</description>
<link href="/api/roles/00000000-0000-0000-0000-000000000001/permits" rel="permits"/>
</role> ...... other roles....

Actual results:
<reason>Operation Failed</reason>

Expected results:
The operation should succeed 

Additional info:
Comment 1 Juan Hernández 2016-02-22 05:39:06 EST
This regression was introduced by the fix for bug 1255405. The patch to fix that bug introduced a new action group id with numeric value 1668:

  Add Attach Disk/Cpu profile permissions to all Import/Export capable roles

But there is no value in the "ActionGroup" enum corresponding to that value. As a result the "ActionGroupDaoImpl.getAllForRole" method returns an list containing one element whose value is "null". When the API tries to map this list it generates a NPE.

The workaround to the problem is to remove the offending rows from the database:

  delete from roles_groups where action_group_id=1668

However this would re-introduce bug 1255405.

I think that the right solution is to add the missing value to the "ActionGroup" enum, and also to the peer in the API, the "PermitType" enum.

It would also be nice send a clear error message to the log from the "ActionGroup.forValue" method, and maybe throw a run time exception instead of just returning "null".
Comment 2 Red Hat Bugzilla Rules Engine 2016-02-22 05:39:54 EST
This bug report has Keywords: Regression or TestBlocker.
Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
Comment 3 Martin Sivák 2016-02-23 08:58:36 EST
Waiting for the correct branch.

Note You need to log in before you can comment on or make changes to this bug.