Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 918729

Summary: duplicate permissions of Networkuser on events ID: 519,516,510
Product: Red Hat Enterprise Virtualization Manager Reporter: Eyal Edri <eedri>
Component: ovirt-engine-restapiAssignee: Ravi Nori <rnori>
Status: CLOSED NOTABUG QA Contact: Elena <edolinin>
Severity: unspecified Docs Contact:
Priority: high    
Version: 3.2.0CC: acathrow, dyasny, iheim, masayag, mpastern, oramraz, Rhev-m-bugs, srevivo, ykaul
Target Milestone: ---Keywords: Regression, TestBlocker
Target Release: 3.2.0   
Hardware: Unspecified   
OS: Linux   
Whiteboard: network, infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-11 13:08:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
engine + vdsm logs none

Description Eyal Edri 2013-03-06 18:42:57 UTC 
Description of problem:
<events>
    <event href="/api/events/519" id="519">
        <description>User/Group Everyone Role NetworkUser permission was removed from Network rhevm by vdcadmin</description>
        <code>852</code>
        <severity>normal</severity>
        <time>2013-03-06T20:35:18.820+02:00</time>
        <correlation_id>326</correlation_id>
        <user href="/api/users/9b9002d1-ec33-4083-8a7b-31f6b8931648" id="9b9002d1-ec33-4083-8a7b-31f6b8931648"/>
        <origin>oVirt</origin>
        <custom_id>-1</custom_id>
        <flood_rate>30</flood_rate>
    </event>
    <event href="/api/events/516" id="516">
        <description>User/Group Everyone Role NetworkUser permission was removed from Network rhevm by vdcadmin</description>
        <code>852</code>
        <severity>normal</severity>
        <time>2013-03-06T20:35:18.703+02:00</time>
        <correlation_id>326</correlation_id>
        <user href="/api/users/9b9002d1-ec33-4083-8a7b-31f6b8931648" id="9b9002d1-ec33-4083-8a7b-31f6b8931648"/>
        <origin>oVirt</origin>
        <custom_id>-1</custom_id>
        <flood_rate>30</flood_rate>
    </event>
    <event href="/api/events/513" id="513">
        <description>User/Group istein.tlv.redhat.com Role TemplateAdmin permission was removed from Data Center DefaultRest by vdcadmin</description>
        <code>852</code>
        <severity>normal</severity>
        <time>2013-03-06T20:35:18.518+02:00</time>
        <correlation_id>326</correlation_id>
        <user href="/api/users/9b9002d1-ec33-4083-8a7b-31f6b8931648" id="9b9002d1-ec33-4083-8a7b-31f6b8931648"/>
        <origin>oVirt</origin>
        <custom_id>-1</custom_id>
        <flood_rate>30</flood_rate>
    </event>
    <event href="/api/events/510" id="510">
        <description>User/Group Everyone Role NetworkUser permission was removed from Network rhevm by vdcadmin</description>
        <code>852</code>
        <severity>normal</severity>
        <time>2013-03-06T20:35:18.399+02:00</time>
        <correlation_id>326</correlation_id>
        <user href="/api/users/9b9002d1-ec33-4083-8a7b-31f6b8931648" id="9b9002d1-ec33-4083-8a7b-31f6b8931648"/>
        <origin>oVirt</origin>
        <custom_id>-1</custom_id>
        <flood_rate>30</flood_rate>
    </event>
    <event href="/api/events/507" id="507">
        <description>User/Group Everyone Role UserTemplateBasedVm permission was removed from Template Blank by vdcadmin</description>
        <code>852</code>
        <severity>normal</severity>
        <time>2013-03-06T20:35:18.273+02:00</time>
        <correlation_id>326</correlation_id>
        <user href="/api/users/9b9002d1-ec33-4083-8a7b-31f6b8931648" id="9b9002d1-ec33-4083-8a7b-31f6b8931648"/>
        <origin>oVirt</origin>
        <custom_id>-1</custom_id>
        <flood_rate>30</flood_rate>
    </event>
</events>
 

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Eyal Edri 2013-03-06 18:46:51 UTC 
Created attachment 706208 [details]
engine + vdsm logs
Comment 3 Moti Asayag 2013-03-10 19:00:01 UTC 
Eyal, can you provide a clear description of the bug and a reproducible?

I couldn't get enough information about the system prior to the removal and by looking at the events it seems like a multiple action (due to the correlation id = 326 in all events) that removed all of the permissions on network 'rhevm' from a specific user.

If there are several data-centers and the user had the NetworkUser permissions on all of their management network - the scenario is legit.

I wasn't able to find an indication that all of the permissions are on the same network. Unless you can approve there was a single data-center on that setup.
Comment 5 Moti Asayag 2013-03-11 13:08:19 UTC 
As part of fixing bug 902697, upon creation of a data-center, the management network is being created automatically.
In order for that network to be accessed by the users, a NetworkUser role is being granted on it to 'everyone' user.

Therefore more permissions were created than the test expects.