You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Rayees Namathponnan (JIRA)" <ji...@apache.org> on 2014/05/11 17:05:15 UTC
[jira] [Created] (CLOUDSTACK-6630) [Automation] Failed to create PF
rule with error "does not have permission to access resource"
Rayees Namathponnan created CLOUDSTACK-6630:
-----------------------------------------------
Summary: [Automation] Failed to create PF rule with error "does not have permission to access resource"
Key: CLOUDSTACK-6630
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6630
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: IAM
Affects Versions: 4.4.0
Reporter: Rayees Namathponnan
Priority: Blocker
Fix For: 4.4.0
Run BVT suite volume.py
test case creating account, deploying vm and configuring SNAT with PF rule,
Result
PF rule creation failed with below exception
2014-05-10 23:58:48,482 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] (catalina-exec-23:ctx-bc32f45f ctx-1c7a9889 ctx-d99c5930) IAM access c
heck for 2-null-null-DomainCapability from cache: false
2014-05-10 23:58:48,493 DEBUG [c.c.a.ApiServlet] (catalina-exec-23:ctx-bc32f45f ctx-1c7a9889 ctx-d99c5930) ===END=== 10.223.240.194 -- GET
signature=gD6OYRiz6Jd%2FZz7M7emIaancCr0%3D&apiKey=leb8qPblUzbfXRSpfWRZzvgKTo1pAd3Z9S7gkvok9BGpFEm1DsuPCjMeETvbMkjOEeoNX8wgMtK7K0S7ywd5cA&
command=queryAsyncJobResult&response=json&jobid=3b680c4e-8508-4691-9d89-87dfeb400dec
2014-05-10 23:58:48,499 DEBUG [c.c.a.ApiServlet] (catalina-exec-22:ctx-7e9bd8bb) ===START=== 10.223.240.194 -- GET apiKey=leb8qPblUzbfXRS
pfWRZzvgKTo1pAd3Z9S7gkvok9BGpFEm1DsuPCjMeETvbMkjOEeoNX8wgMtK7K0S7ywd5cA&virtualmachineid=eabab3fc-5229-47fe-b4b5-ae1d47c119fc&ipaddressid=3
a2642c3-4c04-47f3-a5a5-a5446673223d&signature=fIvJyw2UfV2Y9mTnxmx7eMick6w%3D&command=createPortForwardingRule&privateport=22&protocol=TCP&p
ublicport=2222&response=json
2014-05-10 23:58:48,532 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-3:null) SeqA 6-221: Processing Seq 6-221: { Cmd , MgmtId: -
1, via: 6, Ver: v1, Flags: 11, [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":4,"_loadInfo":"{\n \"connections\": []\
n}","wait":0}}] }
2014-05-10 23:58:48,536 DEBUG [c.c.a.m.AgentManagerImpl] (AgentManager-Handler-3:null) SeqA 6-221: Sending Seq 6-221: { Ans: , MgmtId: 290
66118877352, via: 6, Ver: v1, Flags: 100010, [{"com.cloud.agent.api.AgentControlAnswer":{"result":true,"wait":0}}] }
2014-05-10 23:58:48,598 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) IAM access c
heck for 2-null-null-SystemCapability from cache: true
2014-05-10 23:58:48,599 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) Root Access granted to A
cct[9b57332c-d8d1-11e3-a7c8-1a6f7bb0d0a8-admin] by RoleBasedEntityAccessChecker
2014-05-10 23:58:48,601 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) IAM access c
heck for 2-null-null-DomainCapability from cache: false
2014-05-10 23:58:48,606 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) IAM access c
heck for 2-null-null-DomainResourceCapability from cache: false
2014-05-10 23:58:48,627 DEBUG [o.a.c.i.s.IAMServiceImpl] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) Put IAM access check for
2-VirtualMachine8-OperateEntry-createPortForwardingRule in cache
2014-05-10 23:58:48,650 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) Account Acct[9b57332c-d8d1-11e3-a7c8-1a6f7bb0d0a8-admin] does not have permission to access resource Ip[10.223.122.71-1] for access type: OperateEntry
2014-05-10 23:58:48,650 DEBUG [o.a.c.i.s.IAMServiceImpl] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) Put IAM access check for 2-IpAddress6-OperateEntry-createPortForwardingRule in cache
2014-05-10 23:58:48,651 INFO [c.c.a.ApiServer] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) PermissionDenied: Account Acct[9b57332c-d8d1-11e3-a7c8-1a6f7bb0d0a8-admin] does not have permission to access resource Ip[10.223.122.71-1] for access type: OperateEntry on objs: []
2014-05-10 23:58:48,654 DEBUG [c.c.a.ApiServlet] (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) ===END=== 10.223.240.194 -- GET apiKey=leb8qPblUzbfXRSpfWRZzvgKTo1pAd3Z9S7gkvok9BGpFEm1DsuPCjMeETvbMkjOEeoNX8wgMtK7K0S7ywd5cA&virtualmachineid=eabab3fc-5229-47fe-b4b5-ae1d47c119fc&ipaddressid=3a2642c3-4c04-47f3-a5a5-a5446673223d&signature=fIvJyw2UfV2Y9mTnxmx7eMick6w%3D&command=createPortForwardingRule&privateport=22&protocol=TCP&publicport=2222&response=json
2014-05-10 23:58:48,809 DEBUG [c.c.a.ApiServlet] (catalina-exec-16:ctx-75c2ca30) ===START=== 10.223.240.194 -- GET apiKey=leb8qPblUzbfXRSpfWRZzvgKTo1pAd3Z9S7gkvok9BGpFEm1DsuPCjMeETvbMkjOEeoNX8wgMtK7K0S7ywd5cA&command=listDomains&signature=vw1816eP4qADj2X%2FbYUVXDSnoXA%3D&response=json
--
This message was sent by Atlassian JIRA
(v6.2#6252)