Bug 1863051 - [RFE] Allow management of permissions of MAC Address Pools via REST-API
Summary: [RFE] Allow management of permissions of MAC Address Pools via REST-API
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: RestAPI
Version: 4.4.1.10
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ovirt-4.4.3
: ---
Assignee: Dominik Holler
QA Contact: Guilherme Santos
URL:
Whiteboard:
Depends On:
Blocks: 1863054
TreeView+ depends on / blocked
 
Reported: 2020-08-03 14:43 UTC by Dominik Holler
Modified: 2020-11-11 06:42 UTC (History)
5 users (show)

Fixed In Version: ovirt-engine-4.4.3.7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-11 06:42:30 UTC
oVirt Team: Network
Embargoed:
pm-rhel: ovirt-4.4?
pm-rhel: planning_ack?
pm-rhel: devel_ack+
lleistne: testing_ack+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1808320 0 medium CLOSED [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation 2023-12-15 17:25:29 UTC
oVirt gerrit 110592 0 master MERGED restapi: Add Permissions for MacPool 2020-10-26 16:41:54 UTC
oVirt gerrit 110593 0 master MERGED Add Permissions for MacPool 2020-10-26 16:41:40 UTC
oVirt gerrit 111529 0 master MERGED Upgrade to model 4.4.19, Metamodel 1.3.3 2020-10-26 16:41:40 UTC

Internal Links: 1808320

Description Dominik Holler 2020-08-03 14:43:30 UTC 
It should be possible to add and remove assignments of roles to users on MAC Address pools via REST-API.
Comment 2 Dominik Holler 2020-08-10 06:37:36 UTC 
There are two reasons for this RFE:
1. If a ClusterAdmin or a DataCenterAdmin is responsible to manage a given Cluster or Datacenter,
   she has no permission to use any MAC Address Pool, and is for this reason not able to create a
   new Cluster. Bug 1808320 will give permission at least to the Default MAC Address Pool.
2. This way the management of permissions of MAC Address Pools would be consistent to the
   management of permissions of other entities.
Comment 3 Guilherme Santos 2020-10-29 21:12:45 UTC 
Verified on:
ovirt-engine-4.4.3.8-0.1.el8ev.noarch

Steps:
1. # curl -s -k -u admin@internal:<psswd> https://<fqdn>/ovirt-engine/api/macpools/58ca604b-017d-0374-0220-00000000014e/permissions
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<permissions>
    <permission href="/ovirt-engine/api/groups/eee00000-0000-0000-0000-123456789eee/permissions/58ca604b-017d-0374-0220-00000000014e" id="58ca604b-017d-0374-0220-00000000014e">
        <group href="/ovirt-engine/api/groups/eee00000-0000-0000-0000-123456789eee" id="eee00000-0000-0000-0000-123456789eee"/>
        <role href="/ovirt-engine/api/roles/def00014-0000-0000-0000-def000000014" id="def00014-0000-0000-0000-def000000014"/>
...
</permissions>

2. # cat add.xml
<permission>
  <role>
    <name>SuperUser</name>
  </role>
  <user id="a452d394-02df-44fb-b9dd-689a714fc3c3"/>
</permission>

3. # curl -s -k -H "Content-type: application/xml" -u admin@internal:<psswd> https://<fqdn>/ovirt-engine/api/macpools/58ca604b-017d-0374-0220-00000000014e/permissions -d @add.xml

Results:
permissions endpoint present on macpool api, superuser permission successfully added on macpool for user a452d394-02df-44fb-b9dd-689a714fc3c3
Comment 4 Sandro Bonazzola 2020-11-11 06:42:30 UTC 
This bugzilla is included in oVirt 4.4.3 release, published on November 10th 2020.

Since the problem described in this bug report should be resolved in oVirt 4.4.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.