You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Prachi Damle (JIRA)" <ji...@apache.org> on 2013/04/18 20:00:21 UTC

[jira] [Assigned] (CLOUDSTACK-2078) Anti-Affinity - Error messages when deploying Vm in affinity group /deleting affinity group that does not belong to the user expose account Id and affinity group Id.

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-2078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prachi Damle reassigned CLOUDSTACK-2078:
----------------------------------------

    Assignee: Prachi Damle
    
> Anti-Affinity - Error messages when deploying Vm in affinity group /deleting affinity group that does not belong to the user expose account Id and affinity group Id.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2078
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2078
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>         Environment: Build from master
>            Reporter: Sangeetha Hariharan
>            Assignee: Prachi Damle
>             Fix For: 4.2.0
>
>
> In the following scenarios , we expose affinity_group_id and account_id in error messages.
> 1. Error message when 1 regular user tries to delete affinity group that belongs to other user by passing the uuid, We expose the affinity_group_id and account_id in this error message.
> 530 Error text: Acct[3-sangee] does not have permission to operate with resource AffinityGroup[7|test-2|host anti-affinity]
>  
> 2. Error message includes account Id when trying to deploy a Vm in a affinity group name that does not belong to this account:
>  
> Error message seen  - { "deployvirtualmachineresponse" : {"errorcode":431,"cserrorcode":4350,"errortext":"Unable to find group by name sangee-1456 for account 2"} }
>  
> 3. When trying to deploy a Vm in a affinity group that does not belong to this account by passing affinitygroupids:
> 2013-04-17 16:24:39,160 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) ===START===  10.217.252.128 -- GET  command=deployVirtualMachin
> e&zoneId=63fb31bd-de23-40d5-a710-4a6b922d153c&templateId=aa7c5240-a625-11e2-8627-06d4460004b1&hypervisor=XenServer&serviceOfferingId=8b3e4d
> d8-f8ae-4e12-9551-604fbb6c6313&networkIds=40ae3118-1004-4616-96ee-bd42beb9b8e1&displayname=testnew15&name=testnew15&response=json&sessionke
> y=mAdgavcYHN1AOy5Ox9a%2Fad%2B8Bt0%3D&affinitygroupids=6e2dac53-6e28-4fa9-aec8-c55719bef51e
> 2013-04-17 16:24:39,167 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) InfrastructureEntity name is:com.cloud.offering.ServiceOffer
> ing
> 2013-04-17 16:24:39,170 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity name is:com.cloud.template.VirtualMachineTe
> mplate
> 2013-04-17 16:24:39,172 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity name is:com.cloud.network.Network
> 2013-04-17 16:24:39,175 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity name is:org.apache.cloudstack.affinity.Affi
> nityGroup
> 2013-04-17 16:24:39,176 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null) Access to Acct[3-sangee] granted to Acct[3-sangee] by
> DomainChecker_EnhancerByCloudStack_daf355b4
> 2013-04-17 16:24:39,177 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null) Access to Acct[3-sangee] granted to Acct[3-sangee] by
> DomainChecker_EnhancerByCloudStack_daf355b4
> 2013-04-17 16:24:39,180 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null) Access to Ntwk[204|Guest|8] granted to Acct[3-sangee]
> by DomainChecker_EnhancerByCloudStack_daf355b4
> 2013-04-17 16:24:39,181 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null) Access to Tmpl[5-VHD-centos56-x86_64-xen granted to Ac
> ct[3-sangee] by DomainChecker_EnhancerByCloudStack_daf355b4
> 2013-04-17 16:24:39,182 INFO  [cloud.api.ApiServer] (catalina-exec-8:null) PermissionDenied: Acct[3-sangee] does not have permission to ope
> rate with resource AffinityGroup[7|test-2|host anti-affinity] on uuids: []
> 2013-04-17 16:24:39,182 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) ===END===  10.217.252.128 -- GET  command=deployVirtualMachine&
> zoneId=63fb31bd-de23-40d5-a710-4a6b922d153c&templateId=aa7c5240-a625-11e2-8627-06d4460004b1&hypervisor=XenServer&serviceOfferingId=8b3e4dd8
> -f8ae-4e12-9551-604fbb6c6313&networkIds=40ae3118-1004-4616-96ee-bd42beb9b8e1&displayname=testnew15&name=testnew15&response=json&sessionkey=
> mAdgavcYHN1AOy5Ox9a%2Fad%2B8Bt0%3D&affinitygroupids=6e2dac53-6e28-4fa9-aec8-c55719bef51e
>  
>  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira