Description of problem: SuperUser - when accessing the permit href we get operation failed Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1./api/roles/ 2.returns: <roles> <role href="/api/roles/00000000-0000-0000-0000-000000000001" id="00000000-0000-0000-0000-000000000001"> <name>SuperUser</name> <description>Roles management administrator</description> <link href="/api/roles/00000000-0000-0000-0000-000000000001/permits" rel="permits"/> <mutable>false</mutable> <administrative>true</administrative> </role> ...... other roles.... 3./api/roles/00000000-0000-0000-0000-000000000001/permits Actual results: <fault> <reason>Operation Failed</reason> </fault> Expected results: The operation should succeed Additional info:
This regression was introduced by the fix for bug 1255405. The patch to fix that bug introduced a new action group id with numeric value 1668: Add Attach Disk/Cpu profile permissions to all Import/Export capable roles https://gerrit.ovirt.org/52692 But there is no value in the "ActionGroup" enum corresponding to that value. As a result the "ActionGroupDaoImpl.getAllForRole" method returns an list containing one element whose value is "null". When the API tries to map this list it generates a NPE. The workaround to the problem is to remove the offending rows from the database: delete from roles_groups where action_group_id=1668 However this would re-introduce bug 1255405. I think that the right solution is to add the missing value to the "ActionGroup" enum, and also to the peer in the API, the "PermitType" enum. It would also be nice send a clear error message to the log from the "ActionGroup.forValue" method, and maybe throw a run time exception instead of just returning "null".
This bug report has Keywords: Regression or TestBlocker. Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
Waiting for the correct branch.