Bug 1356872 - 2.0: An user created from api/v2/user does not have permission to run any API command
Summary: 2.0: An user created from api/v2/user does not have permission to run any API...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: Calamari
Version: 2.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 2.3
Assignee: Christina Meno
QA Contact: ceph-qe-bugs
Bara Ancincova
URL:
Whiteboard:
Depends On:
Blocks: 1322504 1383917 1412948
TreeView+ depends on / blocked
 
Reported: 2016-07-15 07:44 UTC by Harish NV Rao
Modified: 2017-04-04 18:24 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
.Users created by using the Calamari API do not have permissions to run the API commands When a user is created by using the Calamari REST API (`api/v2/user`), the user does not have permissions to run most of the Calamari API commands. Consequently, an attempt to run the commands fails with the following error message: ---- "You do not have permission to perform this action" ---- To work around this issue, use the `calamari-ctl add_user` command from the command line when creating new users.
Clone Of:
Environment:
Last Closed: 2017-04-04 18:24:29 UTC


Attachments (Terms of Use)

Description Harish NV Rao 2016-07-15 07:44:36 UTC
Description of problem:

An user created from api/v2/user does not have permission to run any API command


Version-Release number of selected component (if applicable):
calamari-server-1.4.5-1.el7cp.x86_64
ceph version 10.2.2-21


How reproducible: always


Steps to Reproduce:
1) create a user from api/v2/user
2) login as this user to calamari via Django REST framework in any supported browser
3) try running commands like /api/v2/cluster/<id>/crush_map or crush_rule or osd or mon etc., or api/v2/user. 
4) almost all the commands fail with error message: "You do not have permission to perform this action"
5) This does not happen for a user created from "calamari-ctl add_user"

Actual results:


Expected results:


Additional info:

Comment 2 Harish NV Rao 2016-07-15 07:49:15 UTC
Additional info: when an user created from api/v2/user is 'renamed' using 'calamari-ctl rename_user' command, the changed user cannot log back to calamari-lite.

Comment 6 Christina Meno 2016-08-17 16:36:23 UTC
Looks good


Note You need to log in before you can comment on or make changes to this bug.