Red Hat Bugzilla – Bug 1462269
Empty page on Cloud Volume page
Last modified: 2018-03-16 10:22:27 EDT
Created attachment 1288386 [details]
Description of problem:
Cloud volume page shows no info
Version-Release number of selected component (if applicable):
188.8.131.52 and RHOS 10
Steps to Reproduce:
1. Go Storage -> Volumes
2. Click on and existing volume
Volume page shows no info (attach)
Appropriate info is displayed
UPD. 'Detach volume from instance' is empty too, I think it is the same as in a topic
1. Open any volume page
2. Click Configuration -> Detach this Cloud Volume from an Instance
As result - empty page
I can't reproduce this on either 5.7 or on master -- is this still happening?
I cannot reproduce this either. Please let us know if this is still happening for you. Thanks!
Created attachment 1358265 [details]
cloud volume role features for role Eqnx-Clientes
Created attachment 1358691 [details]
compute infra role settings
Just to answer the NEEDINFO, I believe the issue was that read access for individual cloud volumes required more privileges than necessary. I've made a PR above to address this.
It looks like the other half of this issue is related to the 'providers' api endpoint. The cloud volume form calls to it to request a list of providers/managers with storage capabilities, but fails if the user doesn't have ems_infra permissions.
Looking at https://github.com/imtayadeway/manageiq-api/blob/cebbdc102cd87d0d5120ca35c8571132f7e530eb/config/api.yml#L1856 it appears that the providers endpoint uses all ems_infra related roles. I'm not sure if the issue is that the required permissions are incorrect, if it's the wrong endpoint to use to list storage managers on this form, or if it's just misaligned expectations.
New commit detected on ManageIQ/manageiq-api/master:
Author: Tim Wade <firstname.lastname@example.org>
AuthorDate: Wed Dec 20 11:45:35 2017 -0800
Commit: Tim Wade <email@example.com>
CommitDate: Wed Dec 20 11:45:35 2017 -0800
Only require read priviliges to show cloud volumes
It looks like the RBAC identifier needed for `CloudVolumes#show` has
been configured incorrectly as `cloud_volume` - the parent of all
cloud volumes. Hence, it requires a user to have all priviliges just
to view individual cloud volumes. Changing this to `cloud_volume_show`
should allow read-only access for users that don't have full
config/api.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
*** Bug 1533057 has been marked as a duplicate of this bug. ***