Bug 1371888 - [z-stream clone - 4.0.4] User can't assign CPU profile after upgrade from 3.6 to 4.0
Summary: [z-stream clone - 4.0.4] User can't assign CPU profile after upgrade from 3.6...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ovirt-4.0.4
: 4.0.4
Assignee: Andrej Krejcir
QA Contact: Artyom
URL:
Whiteboard:
Depends On: 1369046
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-31 11:20 UTC by rhev-integ
Modified: 2022-07-09 08:31 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, when checking permissions for a CPU profile, group permissions were not considered. Users that were part of a group could not assign a CPU profile and so could not start a virtual machine. This was fixed by using PermissionDao and correct SQL functions when checking permissions, so group permissions are now considered.
Clone Of: 1369046
Environment:
Last Closed: 2016-09-28 22:17:00 UTC
oVirt Team: SLA
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHV-36207 0 None None None 2022-07-09 08:31:35 UTC
Red Hat Product Errata RHSA-2016:1967 0 normal SHIPPED_LIVE Moderate: org.ovirt.engine-root security, bug fix, and enhancement update 2016-09-29 01:02:10 UTC
oVirt gerrit 62822 0 master MERGED core: Fix cpu profile group permissions 2020-08-04 09:28:48 UTC
oVirt gerrit 63021 0 master MERGED core: Add CDI and unit tests for CpuProfileHelper 2020-08-04 09:28:50 UTC
oVirt gerrit 63142 0 ovirt-engine-4.0 MERGED core: Fix cpu profile group permissions 2020-08-04 09:28:48 UTC
oVirt gerrit 63143 0 ovirt-engine-4.0 MERGED core: Add CDI and unit tests for CpuProfileHelper 2020-08-04 09:28:48 UTC
oVirt gerrit 63476 0 ovirt-engine-4.0.4 MERGED core: Fix cpu profile group permissions 2020-08-04 09:28:48 UTC
oVirt gerrit 63477 0 ovirt-engine-4.0.4 MERGED core: Add CDI and unit tests for CpuProfileHelper 2020-08-04 09:28:48 UTC

Comment 3 Jason 2016-09-13 13:28:02 UTC 
Will backporting be available for this bug?
Comment 4 Artyom 2016-09-19 09:04:17 UTC 
Hi, can you please provide reproduce steps for this bug.
Comment 5 Andrej Krejcir 2016-09-19 09:31:24 UTC 
I verified it using these steps:

1. create a user, a group and add the user to the group
2. remove the premission CpuProfileOperator for 'Everyone' on a cpu profile
3. add VmCreator permission for the user on the cluster
4. try to create a VM with the cpu profile in the userportal - should work
5. remove the premission for the user and add the same permission for the group
6. again, try to create a VM in the userportal - should also work

Or other steps can be used to check that CpuProfile works with a group permissions.
Comment 6 Artyom 2016-09-19 14:56:52 UTC 
Looks like bug also exists under rhevm-3.6.9.2-0.1.el6.noarch
1) create a user, a group and add the user to the group
# ovirt-aaa-jdbc-tool group-manage show group_test
Group: group_test(a52f4ff6-f32a-4007-b548-c0f1ea0946a0) members:
  User: alukiano
2) remove the permissions CpuProfileOperator for 'Everyone' on a CPU profile
3) add VmCreator permission for the user 'alukiano' on the cluster
4) try to create a VM with the CPU profile in the userportal - WORK
5) remove the permissions for the user 'alukiano' and add the same permission for the group 'group_test'
6) again, try to create a VM in the userportal - NOT WORK

So maybe we can also cherry-pick this patch to 3.6

Verified on rhevm-4.0.4.3-0.1.el7ev.noarch

1) create a user, a group and add the user to the group
# ovirt-aaa-jdbc-tool group-manage show group_test
Group: group_test(dcdfd9ad-36a3-49d7-b4c1-10944cee9485) members:
  User: alukiano
2) remove the permissions CpuProfileOperator for 'Everyone' on a CPU profile
3) add VmCreator permission for the user 'alukiano' on the cluster
4) try to create a VM with the CPU profile in the userportal - WORK
5) remove the permissions for the user 'alukiano' and add the same permission for the group 'group_test'
6) again, try to create a VM in the userportal - WORK
Comment 8 errata-xmlrpc 2016-09-28 22:17:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1967.html
Note You need to log in before you can comment on or make changes to this bug.