Bug 1439611
| Summary: | [z-stream clone - 4.1.2] Running the command logon on the VM via the REST failed with the exception | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Igor Netkachev <inetkach> | ||||
| Component: | ovirt-engine | Assignee: | Ravi Nori <rnori> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Jiri Belka <jbelka> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 4.0.7 | CC: | bazulay, khuh, lsurette, mgoldboi, michal.skrivanek, mperina, oourfali, pstehlik, rbalakri, Rhev-m-bugs, srevivo, ykaul | ||||
| Target Milestone: | ovirt-4.1.2 | Keywords: | Regression, ZStream | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | Infra | ||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-05-24 11:22:47 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1438484 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
WARN: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:
[FOUND NON-ACKED FLAGS: {'rhevm-4.1.z': '?'}]
For more info please contact: rhv-devops
ok, ovirt-engine-4.1.2.1-0.1.el7.noarch no more exception but i see no use for VM SSO with admin@internal. 2017-05-10 23:07:24,461+02 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-8) [] User admin@internal successfully logged in with scopes: ovirt-app-api ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access 2017-05-10 23:07:24,550+02 INFO [org.ovirt.engine.core.bll.VmLogonCommand] (default task-23) [765e5ca6-1684-4189-9bbd-7e08bd229567] Running command: VmLogonCommand internal: false. Entities affected : ID: 7603f033-9324-4dc4-a207-e103d36dc9e7 Type: VMAction group CONNECT_TO_VM with role type USER 2017-05-10 23:07:25,619+02 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-30) [563b579a] User admin@internal successfully logged in with scopes: ovirt-app-api ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access If this issue was related to use case to get vv file and VM SSO via restapi, then I had issues when trying to do this for a domain user, see https://bugzilla.redhat.com/show_bug.cgi?id=1449845 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1280 |
Created attachment 1269312 [details] engine.log Description of problem: Running the command logon on the VM via the REST failed with the exception: 22017-04-03 09:16:36,250-04 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-28) [] OAuthException invalid_scope: The requested scope '[ovirt-ext=token:password-access]' is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. 2017-04-03 09:16:36,251-04 ERROR [org.ovirt.engine.core.bll.VmLogonCommand] (default task-27) [966ba276-b110-46d0-abdc-f48f0d369cea] Command 'org.ovirt.engine.core.bll.VmLogonCommand' failed: invalid_scope: The requested scope '[ovirt-ext=token:password-access]' is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. 2017-04-03 09:16:36,251-04 ERROR [org.ovirt.engine.core.bll.VmLogonCommand] (default task-27) [966ba276-b110-46d0-abdc-f48f0d369cea] Exception: java.lang.RuntimeException: invalid_scope: The requested scope '[ovirt-ext=token:password-access]' is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. at org.ovirt.engine.core.aaa.filters.FiltersHelper.isStatusOk(FiltersHelper.java:64) [aaa.jar:] at org.ovirt.engine.core.aaa.SsoUtils.getPassword(SsoUtils.java:90) [aaa.jar:] at org.ovirt.engine.core.bll.VmLogonCommand.perform(VmLogonCommand.java:50) [bll.jar:] at org.ovirt.engine.core.bll.VmOperationCommandBase.executeVmCommand(VmOperationCommandBase.java:29) [bll.jar:] at org.ovirt.engine.core.bll.VmCommand.executeCommand(VmCommand.java:120) [bll.jar:] Version-Release number of selected component (if applicable): rhevm-4.1.1.7-0.1.el7.noarch How reproducible: Always Steps to Reproduce: 1. Create VM and configure it for SSO 2. Run logon command via REST as admin@internal user with the body: <action/> 3. Actual results: Command failed with the response <action> <fault> <detail>[Internal Engine Error]</detail> <reason>Operation Failed</reason> </fault> <status>failed</status> </action> Expected results: Command must succeed, admin@internal has SuperUser permissions, so it does not fail because insufficient permissions. Additional info: I tried also to login with other user, but the result is the same