You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "Saksham Srivastava (JIRA)" <ji...@apache.org> on 2014/07/17 11:59:05 UTC

[jira] [Updated] (CLOUDSTACK-6508) impossible to list projects from API with domainid set

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Saksham Srivastava updated CLOUDSTACK-6508:
-------------------------------------------

    Labels: S1  (was: )

> impossible to list projects from API with domainid set
> ------------------------------------------------------
>
>                 Key: CLOUDSTACK-6508
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6508
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>    Affects Versions: 4.2.1, 4.3.0
>            Reporter: ivan derbenev
>            Assignee: Saksham Srivastava
>              Labels: S1
>
> Hello, it's my first issue ever, so sorry if i made smth wrong.
> Today we was trying to setup jCloud module for jenkins, and stuck with error.
> it throws GET request:
> /client/api/?response=json&command=listProjects&listAll=true&account=jenkins&domainid=%domainid%&apiKey=%apikey%&signature=%sig%
> and returns error:
> Can't list domain id= 1 projects; unauthorized
> i have only one ROOT domain, and this user belongs to this domain
> if i go into cloudmonkey and call:
> list projects listall=true account=jenkins domainid=%domainid%
> it throws error too. If i don't use "domainid" attribute, query works properly
> if i call any other api function with "domainid" attribute, query works properly
> i looked into cloudstack sources and found this function:
> https://github.com/apache/cloudstack/blob/master/server/src/com/cloud/api/query/QueryManagerImpl.java
> listProjectsInternal function
> line 1309
>  if (domainId != null && domainId.equals(caller.getDomainId())) {
>                 throw new PermissionDeniedException("Can't list domain id= " + domainId + " projects; unauthorized");
>             }
> so if i understand it well it check whether i provide a domainid and if user belongs to domain with this domainid it throws exception
> I don't think this is how this API function should work.
> Am i mistaken anywhere or this is really a bug?



--
This message was sent by Atlassian JIRA
(v6.2#6252)