Posted to issues@cloudstack.apache.org by "Sangeetha Hariharan (JIRA)" <ji...@apache.org> on 2014/06/12 22:53:02 UTC

[jira] [Closed] (CLOUDSTACK-6745) DomainAdmin is not able to deploy Vm for users in his domain/subdomain.

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-6745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sangeetha Hariharan closed CLOUDSTACK-6745.
-------------------------------------------


Tested with latest build from 4.4-forward branch.
DomainAdmin is able to deploy Vm for users in his domain/subdomain by passing their account name and domain Id in the account and domainId parameters.

> DomainAdmin is not able to deploy Vm for users in his domain/subdomain.
> -----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6745
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6745
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.4.0
>         Environment: Build from 4.4
>            Reporter: Sangeetha Hariharan
>            Assignee: Min Chen
>            Priority: Critical
>             Fix For: 4.4.0
>
>
> DomainAdmin is not able to deploy Vm for users in his domain/subdomain.
> Steps to reproduce the problem:
> Create a domain d1.
> Create a regular user - d1a
> Deploy a VM as user d1a
> Create a domain admin user - d1
> As d1, try to deploy a VM for user - d1a in the isolated network he owns by passing account and domainId of d1a.
> API fails with the following exception:
> "Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied"
> 2014-05-21 13:58:48,162 INFO  [a.c.c.a.ApiServer] (catalina-exec-17:ctx-8541fadf ctx-4320442b) (userId=387 accountId=387 sessionId=D51FD2C904EB65D7E1577D9ABAF5AACA) 10.215.2.8 -- GET command=deployVirtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a 531 Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied
> Management server logs:
> 2014-05-21 13:58:48,140 DEBUG [c.c.a.ApiServlet] (catalina-exec-17:ctx-8541fadf) ===START===  10.215.2.8 -- GET  command=deployVirtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a
> 2014-05-21 13:58:48,143 DEBUG [o.a.c.a.BaseCmd] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter displayvm as the caller is not authorized to pass it in
> 2014-05-21 13:58:48,144 DEBUG [o.a.c.a.BaseCmd] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter deploymentplanner as the caller is not authorized to pass it in
> 2014-05-21 13:58:48,153 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to Acct[5afd4de2-2a81-4c40-b7e7-b5cb139551c1-test-dom1] granted to Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker
> 2014-05-21 13:58:48,156 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to Acct[5afd4de2-2a81-4c40-b7e7-b5cb139551c1-test-dom1] granted to Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker
> 2014-05-21 13:58:48,161 INFO  [c.c.a.ApiServer] (catalina-exec-17:ctx-8541fadf ctx-4320442b) PermissionDenied: Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied on objs: []
> 2014-05-21 13:58:48,162 DEBUG [c.c.a.ApiServlet] (catalina-exec-17:ctx-8541fadf ctx-4320442b) ===END===  10.215.2.8 -- GET  command=deployVirtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a



--
This message was sent by Atlassian JIRA
(v6.2#6252)
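
Added example, not part of the JIRA message or of CloudStack's code: a log triage script that groups management-server lines by request context and reports requests in which an account-level check granted access but a later check in the same request raised PermissionDenied, the pattern visible in the log quoted above. The sample lines are constructed in that log's layout with placeholder identifiers, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the management-server log quoted above;
# account and network identifiers are placeholders, not values from the report.
SAMPLE_LOG = """\
2014-05-21 13:58:48,153 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-17:ctx-aaaa0001 ctx-bbbb0001) Access to Acct[ACCT-UUID-1-user1] granted to Acct[ACCT-UUID-2-dom-admin] by DomainChecker
2014-05-21 13:58:48,156 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-17:ctx-aaaa0001 ctx-bbbb0001) Access to Acct[ACCT-UUID-1-user1] granted to Acct[ACCT-UUID-2-dom-admin] by DomainChecker
2014-05-21 13:58:48,161 INFO  [c.c.a.ApiServer] (catalina-exec-17:ctx-aaaa0001 ctx-bbbb0001) PermissionDenied: Unable to use network with id= NET-UUID-1, permission denied on objs: []
2014-05-21 13:59:02,010 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-3:ctx-aaaa0002 ctx-bbbb0002) Access to Acct[ACCT-UUID-1-user1] granted to Acct[ACCT-UUID-2-dom-admin] by DomainChecker
2014-05-21 13:59:05,500 INFO  [c.c.a.ApiServer] (catalina-exec-9:ctx-aaaa0003 ctx-bbbb0003) PermissionDenied: Unable to use network with id= NET-UUID-2, permission denied on objs: []
"""

# timestamp, level, [logger], (thread:request-ctx [call-ctx]), message
LINE = re.compile(r"^\S+ \S+ +\w+ +\[[^\]]+\] "
                  r"\((?P<thread>[^:)]+):(?P<ctx>ctx-\w+)[^)]*\) (?P<msg>.*)$")
GRANT = re.compile(r"Access to Acct\[(?P<owner>[^\]]+)\] granted to "
                   r"Acct\[(?P<caller>[^\]]+)\] by (?P<checker>\w+)")
DENY = re.compile(r"PermissionDenied: (?P<reason>.*?), permission denied")


def find_split_decisions(log_text):
    """Return one finding per request whose account check passed but which
    was then denied by a later check in the same request context."""
    grants = defaultdict(dict)   # (thread, ctx) -> first grant seen
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # continuation or unrelated line
        key = (m["thread"], m["ctx"])
        g = GRANT.search(m["msg"])
        if g:
            grants[key] = grants[key] or g.groupdict()
            continue
        d = DENY.search(m["msg"])
        if d and grants.get(key):
            findings.append({"ctx": m["ctx"], "denied": d["reason"], **grants[key]})
    return findings


if __name__ == "__main__":
    for f in find_split_decisions(SAMPLE_LOG):
        print(f)
```

A denial with no preceding grant in the same context (the third request in the sample) is not reported, since there the caller failed the account check itself rather than a later resource check.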