Bug 846300 - User portal - Disk creator on storage domain cannot create disks
User portal - Disk creator on storage domain cannot create disks
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-userportal (Show other bugs)
3.1.0
Unspecified Unspecified
urgent Severity high
: ---
: ---
Assigned To: Oved Ourfali
Tomas Dosek
infra
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-07 07:42 EDT by Oved Ourfali
Modified: 2016-02-10 14:40 EST (History)
10 users (show)

See Also:
Fixed In Version: si14
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-04 15:00:00 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Oved Ourfali 2012-08-07 07:42:12 EDT
Description of problem:
When trying to add disks through the user portal, in the add disk dialog, it fails to find active storage domains (red warning at the bottom of the dialog).
The only way to fix this is adding VmCreator role to the user, on the storage domain.

Version-Release number of selected component (if applicable):


How reproducible:
Always, when the user is not a VMCreator on the storage domain.

Steps to Reproduce:
1. Add a new VM from the user portal
2. Try to add disks to this VM from the user portal
  
Actual results:
See the red warning, and the fact that no storage domains are showed in the storage domain list in the dialog.


Expected results:
Getting the available storage domains, choosing one, and adding the disk successfully.

Additional info:
Fix can be done in VmDiskListModel class, AddDiskUpdateData method, by using ActionGroup.CREATE_DISK instead of ActionGroup.CREATE_VM.
Comment 1 Oved Ourfali 2012-08-07 07:45:52 EDT
Also note that the user must have DiskCreator permissions on the relevant storage domain(s).
Comment 2 Haim 2012-08-08 06:16:26 EDT
(In reply to comment #1)
> Also note that the user must have DiskCreator permissions on the relevant
> storage domain(s).

what's the version\build you worked on ?
Comment 5 Oved Ourfali 2012-08-08 09:26:46 EDT
Solution will include:
1. Adding the CREATE_DISK permission to VmCreator, to allow VM creators to also add disks to the VM.
2. UI fix - to show storage domains with CREATE_DISK permissions on them, instead of CREATE_VM permissions
3. MLA fixes
 a. make the DC a parent of the storage domains
 b. Use the allow viewing children only on templates, disks and VMs (today it is used on all objects). This is in order to show, for example, all the clusters in the DC that the user has VmCreator role on, so that he can see them through the user API (the user portal uses a different query for that).
Comment 6 Oved Ourfali 2012-08-08 15:33:00 EDT
Patches posted upstream, after some sanity testing.
Plan to do some more testing on them before marking them as verified.

http://gerrit.ovirt.org/#/c/7001
http://gerrit.ovirt.org/#/c/7002
http://gerrit.ovirt.org/#/c/7003
http://gerrit.ovirt.org/#/c/7004
Comment 7 Oved Ourfali 2012-08-09 07:21:18 EDT
The patches above are now merged upstream.
Comment 8 David Jaša 2012-08-10 10:58:48 EDT
I've encountered this behavior when I added PowerUser permission to the user on DC level (reported in bug 839319) - could you check that scenario as well?
Comment 9 Oved Ourfali 2012-08-12 02:45:41 EDT
(In reply to comment #8)
> I've encountered this behavior when I added PowerUser permission to the user
> on DC level (reported in bug 839319) - could you check that scenario as well?

I did the following testing (with my patches above):
Added a new user, and gave him power user role on the DC.
Then, I logged in with it to the user portal, added a new VM, and added a new disk. It worked well.

One of the changes I did was to make the storage domain inherit the permissions from the DC, so looks like that was what solved your scenario, as PowerUser has permissions to create disks, and with my patches this permission also propogates to the storage domains.
Comment 13 Tomas Dosek 2012-08-20 09:07:08 EDT
Verified - si14 - this beahviour no longer reproduces. Following flows were tested:

1. Granted VmCreator role on the DC:
 - it will allow user to create VMs, and once user adds VM (s)he'll become the owner of it, with a UserVmManager role
 - it will also allow her/him to create disks to this VM (as VmCreator has permissions to CREATE_DISK and CONFIGURE_VM_STORAGE).

2. Granted VmCreator role on a cluster, and DiskCreator on some DC/Storage domain.
 - VmCreator will allow user to create VMs, and once user adds VM (s)he'll become the owner of it, with a UserVmManager role
 - DiskCreator will allow user to create a disk, but user still needs rights to attach it to the VM (done in one step, but just wanted to clarify the permissions needed). So, the CONFIGURE_VM_STORAGE permission user gets from the VmCreator will allow this disk to be attached to the VM.

Note You need to log in before you can comment on or make changes to this bug.