Created attachment 564599 [details] Add Account Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1.Create a user with only "Zone Administrator" role 2.Login 3.Go to clouds 4.Select any cloud 5.go to accounts 6.Click on "Add Actual results: Error on UI: PGError: ERROR: column reference "id" is ambiguous LINE 6: privileges_roles.action='use')) AND (id not in (0)) LI... ^ : SELECT DISTINCT "provider_accounts".id FROM "provider_accounts" LEFT OUTER JOIN "permissions" ON "permissions"."permission_object_id" = "provider_accounts"."id" AND "permissions"."permission_object_type" = 'ProviderAccount' LEFT OUTER JOIN "roles" ON "roles"."id" = "permissions"."role_id" LEFT OUTER JOIN "privileges" ON "privileges"."role_id" = "roles"."id" LEFT OUTER JOIN "providers" ON "providers"."id" = "provider_accounts"."provider_id" LEFT OUTER JOIN "permissions" "permissions_providers" ON "permissions_providers"."permission_object_id" = "providers"."id" AND "permissions_providers"."permission_object_type" = 'Provider' LEFT OUTER JOIN "roles" "roles_permissions" ON "roles_permissions"."id" = "permissions_providers"."role_id" LEFT OUTER JOIN "privileges" "privileges_roles" ON "privileges_roles"."role_id" = "roles_permissions"."id" WHERE ((permissions.user_id=3 and privileges.target_type='ProviderAccount' and privileges.action='use') or (permissions_providers.user_id=3 and privileges_roles.target_type='ProviderAccount' and privileges_roles.action='use')) AND (id not in (0)) LIMIT 1 Expected results: This happened because the user doesn't have provider account created. but the error message should be changed / the "add account" button should not be given for the zone administrator as they don't have provider account. Additional info: Screen shot attached :Add account.png
Created attachment 564600 [details] Rails Log file Attached Rails.log file Aeolus: rpm -qa | grep aeolus aeolus-conductor-0.8.0-28.el6.noarch aeolus-conductor-daemons-0.8.0-28.el6.noarch aeolus-conductor-doc-0.8.0-28.el6.noarch rubygem-aeolus-image-0.3.0-7.el6.noarch aeolus-all-0.8.0-28.el6.noarch rubygem-aeolus-cli-0.3.0-8.el6.noarch aeolus-configure-2.5.0-14.el6.noarch
fixed in master branch e4654f3e560452202063ca92913e72818d79ab7c
The bug still exists in the latest build also [root@ibm-ls21-04 test]# rpm -qa | grep aeolus aeolus-conductor-daemons-0.8.0-35.el6.noarch aeolus-conductor-0.8.0-35.el6.noarch aeolus-configure-2.5.0-15.el6.noarch aeolus-conductor-doc-0.8.0-35.el6.noarch rubygem-aeolus-cli-0.3.0-10.el6.noarch aeolus-all-0.8.0-35.el6.noarch rubygem-aeolus-image-0.3.0-9.el6.noarch Attached the screen shot (error while adding account.png)
Created attachment 565207 [details] error while adding account
Can you please retest on latest build?
Yes, i have retested on the latest build, but still i could see the same exception.(same steps followed as per 'Description') [root@hp-z200-06 ~]# rpm -qa | grep aeolus aeolus-conductor-0.8.0-39.el6.noarch rubygem-aeolus-cli-0.3.0-12.el6.noarch aeolus-all-0.8.0-39.el6.noarch aeolus-conductor-daemons-0.8.0-39.el6.noarch rubygem-aeolus-image-0.3.0-10.el6.noarch aeolus-conductor-doc-0.8.0-39.el6.noarch aeolus-configure-2.5.0-16.el6.noarch error: PGError: ERROR: column reference "id" is ambiguous LINE 6: privileges_roles.action='use')) AND (id not in (1)) LI... ^ : SELECT DISTINCT "provider_accounts".id FROM "provider_accounts" LEFT OUTER JOIN "permissions" ON "permissions"."permission_object_id" = "provider_accounts"."id" AND "permissions"."permission_object_type" = 'ProviderAccount' LEFT OUTER JOIN "roles" ON "roles"."id" = "permissions"."role_id" LEFT OUTER JOIN "privileges" ON "privileges"."role_id" = "roles"."id" LEFT OUTER JOIN "providers" ON "providers"."id" = "provider_accounts"."provider_id" LEFT OUTER JOIN "permissions" "permissions_providers" ON "permissions_providers"."permission_object_id" = "providers"."id" AND "permissions_providers"."permission_object_type" = 'Provider' LEFT OUTER JOIN "roles" "roles_permissions" ON "roles_permissions"."id" = "permissions_providers"."role_id" LEFT OUTER JOIN "privileges" "privileges_roles" ON "privileges_roles"."role_id" = "roles_permissions"."id" WHERE ((permissions.user_id=2 and privileges.target_type='ProviderAccount' and privileges.action='use') or (permissions_providers.user_id=2 and privileges_roles.target_type='ProviderAccount' and privileges_roles.action='use')) AND (id not in (1)) LIMIT 1 log: Rail log attached.
Created attachment 566784 [details] Rails log
Actually I found and fixed this bug as part of my fix for 788148. The patch is on list at https://fedorahosted.org/pipermail/aeolus-devel/2012-March/009296.html
So you'll want this commit from master to test this: 72f4dff042c6df8f6943ee17fecbaf35d92ebf7a Really you want all 6 commits for the bug -- just make sure all 'master' commits with 'Bug 788148:' in the commit message are included.
Verified the bug on [root@intel-d3c69-01 nodes]# rpm -qa | grep aeolus aeolus-conductor-doc-0.8.0-41.el6.noarch aeolus-configure-2.5.0-18.el6.noarch aeolus-conductor-daemons-0.8.0-41.el6.noarch rubygem-aeolus-image-0.3.0-12.el6.noarch rubygem-aeolus-cli-0.3.0-13.el6.noarch aeolus-all-0.8.0-41.el6.noarch aeolus-conductor-0.8.0-41.el6.noarch Observed that now the user is not getting any error on the conductor(PFA)
Created attachment 568183 [details] SS
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0583.html