Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2022/03/31 19:49:25 UTC

[GitHub] [cloudstack] weizhouapache opened a new issue #6191: list routers issues by domain admin

weizhouapache opened a new issue #6191:
URL: https://github.com/apache/cloudstack/issues/6191


   API `listRouters` is permitted to domain admin since the implementation of dynamic roles.
   
   The file `engine/schema/src/main/resources/META-INF/db/create-default-role-api-mappings.sql` has the following SQL:
   ```
   INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) values (UUID(), 3, 'listRouters', 'ALLOW', 194) ON DUPLICATE KEY UPDATE rule=rule;
   ```
   There are a few issues in the UI:
   (1) Domain admin can list virtual routers of isolated networks, but gets a 404 error when viewing the details of routers.
   (2) The API response of `listRouters` does not have information on the guest NIC.
   (3) Domain admin cannot list virtual routers of shared networks (scope is Domain or Account).
   
   First of all, do we need to add this role permission by default?
   
   ##### ISSUE TYPE
    * Bug Report
   
   
   ##### COMPONENT NAME
   ~~~
   API, UI
   ~~~
   
   ##### CLOUDSTACK VERSION
   ~~~
   4.17.0.0
   ~~~
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [cloudstack] rohityadavcloud commented on issue #6191: list routers issues by domain admin

Posted by GitBox <gi...@apache.org>.
rohityadavcloud commented on issue #6191:
URL: https://github.com/apache/cloudstack/issues/6191#issuecomment-1085529215


   Hi @weizhouapache this sounds like a bug, have you checked git history - if git history confirms that listRouters shouldn't be allowed for domain domain - let's remove this at least from default/in-built roles in an upgrade path in 4.17.0.0. cc @nvazquez @Pearl1594 





[GitHub] [cloudstack] DaanHoogland commented on issue #6191: list routers issues by domain admin

Posted by GitBox <gi...@apache.org>.
DaanHoogland commented on issue #6191:
URL: https://github.com/apache/cloudstack/issues/6191#issuecomment-1085970044


   As a domain admin I would like to see the routers and the internal nics, I'm not sure if I would need to see all router attributes as domain admin. 





[GitHub] [cloudstack] weizhouapache commented on issue #6191: list routers issues by domain admin

Posted by GitBox <gi...@apache.org>.
weizhouapache commented on issue #6191:
URL: https://github.com/apache/cloudstack/issues/6191#issuecomment-1085542310


   > Hi @weizhouapache this sounds like a bug, have you checked git history - if git history confirms that listRouters shouldn't be allowed for domain admin - let's remove this at least from default/in-built roles in an upgrade path in 4.17.0.0. cc @nvazquez @Pearl1594
   
   @rohityadavcloud 
   I just checked the deprecated `client/tomcatconf/commands.properties.in`, it looks like these APIs are allowed for domain admin.
   If so, let's fix the bugs.
   
   ```
   #### router commands
   startRouter=7
   rebootRouter=7
   stopRouter=7
   destroyRouter=7
   changeServiceForRouter=7
   listRouters=7
   listVirtualRouterElements=7
   configureVirtualRouterElement=7
   createVirtualRouterElement=7
   upgradeRouterTemplate=1
   ```
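
Added example, not part of the thread or of the CloudStack code base: the numbers in the excerpt above are role bitmasks, so decoding them shows why `listRouters=7` covers the domain admin (the `role_id` 3 row in the SQL from the issue) while `upgradeRouterTemplate=1` does not. The bit values and role ids are taken from CloudStack's `RoleType` enum, which the thread does not quote, and `widened_grants` is a hypothetical helper for checking that a dynamic-role grant does not exceed the legacy mask.

```python
# Added example: decode the legacy commands.properties role bitmask.
# Bit values and default role ids follow CloudStack's RoleType enum; they are
# not stated in the thread itself.
ROLE_BITS = {"Admin": 1, "ResourceAdmin": 2, "DomainAdmin": 4, "User": 8}
ROLE_IDS = {1: "Admin", 2: "ResourceAdmin", 3: "DomainAdmin", 4: "User"}

# Excerpt of client/tomcatconf/commands.properties.in as quoted in the thread.
LEGACY = """\
#### router commands
startRouter=7
rebootRouter=7
stopRouter=7
destroyRouter=7
changeServiceForRouter=7
listRouters=7
listVirtualRouterElements=7
configureVirtualRouterElement=7
createVirtualRouterElement=7
upgradeRouterTemplate=1
"""


def parse_commands(text):
    """Return {api_name: mask}, skipping comments and blank lines."""
    masks = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        api, _, mask = line.partition("=")
        masks[api.strip()] = int(mask)
    return masks


def roles_for(mask):
    """Names of the role types whose bit is set in a legacy mask."""
    return [role for role, bit in ROLE_BITS.items() if mask & bit]


def widened_grants(legacy_text, grants):
    """Return (role, api) ALLOW grants the legacy mask did not permit.

    grants: iterable of (role_id, rule) pairs from cloud.role_permissions.
    An API missing from the legacy file is treated as permitted to nobody.
    """
    masks = parse_commands(legacy_text)
    return [(ROLE_IDS[rid], api) for rid, api in grants
            if not masks.get(api, 0) & ROLE_BITS[ROLE_IDS[rid]]]
```

Passing the `(3, 'listRouters')` row from the issue returns an empty list, meaning the dynamic-role default matches the legacy permission rather than widening it.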
   





[GitHub] [cloudstack] rohityadavcloud edited a comment on issue #6191: list routers issues by domain admin

Posted by GitBox <gi...@apache.org>.
rohityadavcloud edited a comment on issue #6191:
URL: https://github.com/apache/cloudstack/issues/6191#issuecomment-1085529215


   Hi @weizhouapache this sounds like a bug, have you checked git history - if git history confirms that listRouters shouldn't be allowed for domain admin - let's remove this at least from default/in-built roles in an upgrade path in 4.17.0.0. cc @nvazquez @Pearl1594 





[GitHub] [cloudstack] rohityadavcloud commented on issue #6191: list routers issues by domain admin

Posted by GitBox <gi...@apache.org>.
rohityadavcloud commented on issue #6191:
URL: https://github.com/apache/cloudstack/issues/6191#issuecomment-1085547033


   If the listRouters is an allowed API historically, perhaps it was never meant to be supported in the UI? So, it's worth discussing how we fix the bug or do anything about it in the UI?

