Bug 1371888 – [z-stream clone - 4.0.4] User can't assign CPU profile after upgrade from 3.6 to 4.0

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1371888 - [z-stream clone - 4.0.4] User can't assign CPU profile after upgrade from 3.6 to 4.0

Summary:	[z-stream clone - 4.0.4] User can't assign CPU profile after upgrade from 3.6...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine (Show other bugs)
Sub Component:
Version:	4.0.0
Hardware:	Unspecified Unspecified

Priority	unspecified Severity high
Target Milestone:	ovirt-4.0.4
Target Release:	4.0.4
Assigned To:	Andrej Krejcir
QA Contact:	Artyom
Docs Contact:

URL:
Whiteboard:
Keywords:	Regression, Triaged, ZStream

Depends On:	1369046
Blocks:
	Show dependency tree / graph

Reported:	2016-08-31 07:20 EDT by rhev-integ
Modified:	2017-03-20 07:52 EDT (History)
CC List:	18 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Previously, when checking permissions for a CPU profile, group permissions were not considered. Users that were part of a group could not assign a CPU profile and so could not start a virtual machine. This was fixed by using PermissionDao and correct SQL functions when checking permissions, so group permissions are now considered.
Story Points:	---
Clone Of:	1369046
Environment:
Last Closed:	2016-09-28 18:17:00 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	SLA
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	62822	master	MERGED	core: Fix cpu profile group permissions	2016-09-01 07:52 EDT
oVirt gerrit	63021	master	MERGED	core: Add CDI and unit tests for CpuProfileHelper	2016-09-01 08:19 EDT
oVirt gerrit	63142	ovirt-engine-4.0	MERGED	core: Fix cpu profile group permissions	2016-09-07 05:51 EDT
oVirt gerrit	63143	ovirt-engine-4.0	MERGED	core: Add CDI and unit tests for CpuProfileHelper	2016-09-07 05:51 EDT
oVirt gerrit	63476	ovirt-engine-4.0.4	MERGED	core: Fix cpu profile group permissions	2016-09-07 07:12 EDT
oVirt gerrit	63477	ovirt-engine-4.0.4	MERGED	core: Add CDI and unit tests for CpuProfileHelper	2016-09-07 07:12 EDT
Red Hat Product Errata	RHSA-2016:1967	normal	SHIPPED_LIVE	Moderate: org.ovirt.engine-root security, bug fix, and enhancement update	2016-09-28 21:02:10 EDT

Groups: None (edit)

Comment 3 Jason 2016-09-13 09:28:02 EDT

Will backporting be available for this bug?

Comment 4 Artyom 2016-09-19 05:04:17 EDT

Hi, can you please provide reproduce steps for this bug.

Comment 5 Andrej Krejcir 2016-09-19 05:31:24 EDT

I verified it using these steps:

1. create a user, a group and add the user to the group
2. remove the premission CpuProfileOperator for 'Everyone' on a cpu profile
3. add VmCreator permission for the user on the cluster
4. try to create a VM with the cpu profile in the userportal - should work
5. remove the premission for the user and add the same permission for the group
6. again, try to create a VM in the userportal - should also work

Or other steps can be used to check that CpuProfile works with a group permissions.

Comment 6 Artyom 2016-09-19 10:56:52 EDT

Looks like bug also exists under rhevm-3.6.9.2-0.1.el6.noarch
1) create a user, a group and add the user to the group
# ovirt-aaa-jdbc-tool group-manage show group_test
Group: group_test(a52f4ff6-f32a-4007-b548-c0f1ea0946a0) members:
  User: alukiano
2) remove the permissions CpuProfileOperator for 'Everyone' on a CPU profile
3) add VmCreator permission for the user 'alukiano' on the cluster
4) try to create a VM with the CPU profile in the userportal - WORK
5) remove the permissions for the user 'alukiano' and add the same permission for the group 'group_test'
6) again, try to create a VM in the userportal - NOT WORK

So maybe we can also cherry-pick this patch to 3.6

Verified on rhevm-4.0.4.3-0.1.el7ev.noarch

1) create a user, a group and add the user to the group
# ovirt-aaa-jdbc-tool group-manage show group_test
Group: group_test(dcdfd9ad-36a3-49d7-b4c1-10944cee9485) members:
  User: alukiano
2) remove the permissions CpuProfileOperator for 'Everyone' on a CPU profile
3) add VmCreator permission for the user 'alukiano' on the cluster
4) try to create a VM with the CPU profile in the userportal - WORK
5) remove the permissions for the user 'alukiano' and add the same permission for the group 'group_test'
6) again, try to create a VM in the userportal - WORK

Comment 8 errata-xmlrpc 2016-09-28 18:17:00 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1967.html

Note You need to log in before you can comment on or make changes to this bug.