Project

General

Profile

Actions

Bug #6835

closed

Unable to use RHEV/ovirt without admin permissions on the rhev cluster

Added by Dominic Cleal over 10 years ago. Updated over 8 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Category:
Compute resources - oVirt
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1123676
Description of problem:
When trying to create a rhev compute resource with non-admin RHEV user, the following error occurs:

"query execution failed due to insufficient permissions."

The reason for this is the RHEV needs to be called with 'Filter: true' headers
for the api to work correctly with non-admin user.

The rbovirt client library supports to specify the filtered_api option, but fog and foreman don't have a support for that

https://github.com/abenari/rbovirt/blob/a7c277e3fc5698e55e95a9432997b1a9c8d486ae/lib/rbovirt.rb#L54-L55

Actions #1

Updated by Dominic Cleal over 10 years ago

  • Category set to Compute resources - oVirt
  • Assignee deleted (Dominic Cleal)
Actions #2

Updated by Tom Caspy almost 10 years ago

added a pull request to the fog gem: https://github.com/fog/fog/pull/3393

Actions #3

Updated by Ohad Levy over 9 years ago

Fog PR has been merged a while ago.

Actions #4

Updated by Jorick Astrego about 9 years ago

It appears it still doesn't get set in:

foreman-ovirt-1.9.2-1.el6.noarch
ruby193-rubygem-rbovirt-0.0.35-1.el6.noarch

I'll continue on the foreman list from now.

2015-11-02 10:29:17,126 DEBUG [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-9) Found permission fbcb73a0-226e-49d4-9e7a-01c665127a07 for user when running LoginUser, on Bottom with id bbb00000-0000-0000-0000-123456789bbb
2015-11-02 10:29:17,128 DEBUG [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-9) Checking if user testuser is an admin, result false
2015-11-02 10:29:17,129 INFO [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-9) Running command: LoginUserCommand(LoginName = null, ProfileName = netbulae.test, AuthRecord = {Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=testuser}, IsAdmin = false, ActionType = LoginUser, AuthType = CREDENTIALS) internal: false.
2015-11-02 10:29:17,132 TRACE [org.ovirt.engine.core.bll.GetConfigurationValueQuery] (ajp--127.0.0.1-8702-9) START, GetConfigurationValueQuery(version: general, configuration value: ApplicationMode, refresh: false, filtered: false), log id: 438b23b5
2015-11-02 10:29:17,134 TRACE [org.ovirt.engine.core.bll.GetConfigurationValueQuery] (ajp--127.0.0.1-8702-9) FINISH, GetConfigurationValueQuery, log id: 438b23b5
2015-11-02 10:29:17,134 TRACE [org.ovirt.engine.core.bll.aaa.GetValueBySessionQuery] (ajp--127.0.0.1-8702-9) START, GetValueBySessionQuery(refresh: false, filtered: false), log id: 63d562b7
2015-11-02 10:29:17,135 TRACE [org.ovirt.engine.core.bll.aaa.GetValueBySessionQuery] (ajp--127.0.0.1-8702-9) FINISH, GetValueBySessionQuery, log id: 63d562b7
2015-11-02 10:29:17,136 TRACE [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-9) START, SearchQuery(search type: StoragePool, search pattern: [Datacenter : ], case sensitive: true [from: 0, max: -1] refresh: true, filtered: false), log id: 4e440f95
2015-11-02 10:29:17,138 ERROR [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-9) Query execution failed due to insufficient permissions.
Actions #5

Updated by The Foreman Bot over 8 years ago

  • Assignee set to Marek Hulán
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3288 added
Actions #6

Updated by Ohad Levy over 8 years ago

  • Bugzilla link changed from 1123676 to 1203670
Actions #7

Updated by Ohad Levy over 8 years ago

  • Bugzilla link changed from 1203670 to 1123676
Actions #8

Updated by Dominic Cleal over 8 years ago

  • Status changed from Ready For Testing to Rejected

PR closed in favour of documenting required permissions. Please consider sending a PR to theforeman.org, section 5.2.7 mirroring the one in the VMware section 5.2.9.

Actions

Also available in: Atom PDF