Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cloudstack.apache.org
Date: Thu, 11 Jul 2013 08:27:57 +0000 (UTC)
From: "ASF subversion and git services (JIRA)" <jira@apache.org>
To: cloudstack-issues@incubator.apache.org
Message-ID: <JIRA.12657063.1373458298893.31568.1373531277280@arcas>
In-Reply-To: <JIRA.12657063.1373458298893@arcas>
References: <JIRA.12657063.1373458298893@arcas>
Subject: [jira] [Commented] (CLOUDSTACK-3447) addnictovm command fails when
 user tries to add another nic in projects
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


    [ https://issues.apache.org/jira/browse/CLOUDSTACK-3447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13705592#comment-13705592 ] 

ASF subversion and git services commented on CLOUDSTACK-3447:
-------------------------------------------------------------

Commit f54f012e66d6a67948abeb50215bbdcc58c0251b in branch refs/heads/master-6-17-stable from [~likithas]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=f54f012 ]

CLOUDSTACK-3447. CLOUDSTACK-3448.
Correct the access check on networks in APIs addNicToVM and removeNicFromVM

                
> addnictovm command fails when user tries to add another nic in projects
> -----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-3447
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3447
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>         Environment: build:
>            Reporter: shweta agarwal
>            Assignee: Likitha Shetty
>            Priority: Critical
>             Fix For: 4.2.0
>
>
> Repro steps:
> 1. Create a domain
> 2. Create a account in that domain
> 3. Create a project in that domain
> 4.Create a VM in the project
> 5. Create a new network in that project
> 6. Add this network to the VM  created in the Project
> BUG:
> Gets error message:
> Unable to modify a vm using network with id 215, permission denied
> API:
> http://10.147.38.141:8080/client/api?command=addNicToVirtualMachine&response=json&sessionkey=wr4cbYy58%2BZqNa1rJq94MF0X0Iw%3D&projectid=7a85c310-193d-4384-b0e4-2a078b30932d&virtualmachineid=4d97967c-ac2e-4cbc-bb6c-47ed532a4896&networkid=028f1b1b-d4bf-43a6-afcd-a6fe05f68b87&_=1373458025592
> Response:
> { "queryasyncjobresultresponse" : {"accountid":"c2e8ac5d-e168-4f6f-a88b-7f4d43a0f18e","userid":"3520753d-1b8f-4286-975d-b7bd5b415468","cmd":"org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Unable to modify a vm using network with id 215, permission denied"},"created":"2013-07-10T17:37:06+0530","jobid":"becc8300-fb4b-45fa-9960-2f16b53f0d75"} }
> MS log Shows :
> 2013-07-10 17:33:57,201 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-25:null) submit async job-46, details: AsyncJobVO {id:46, userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: null, cmd: org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd, cmdOriginator: null, cmdInfo: {"response":"json","sessionkey":"wr4cbYy58+ZqNa1rJq94MF0X0Iw\u003d","virtualmachineid":"4d97967c-ac2e-4cbc-bb6c-47ed532a4896","ctxUserId":"3","httpmethod":"GET","_":"1373457836432","projectid":"7a85c310-193d-4384-b0e4-2a078b30932d","ctxAccountId":"3","networkid":"028f1b1b-d4bf-43a6-afcd-a6fe05f68b87","ctxStartEventId":"206"}, cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode: 0, result: null, initMsid: 7159676928023, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
> 2013-07-10 17:33:57,205 DEBUG [cloud.api.ApiServlet] (catalina-exec-25:null) ===END===  10.146.0.132 -- GET  command=addNicToVirtualMachine&response=json&sessionkey=wr4cbYy58%2BZqNa1rJq94MF0X0Iw%3D&projectid=7a85c310-193d-4384-b0e4-2a078b30932d&virtualmachineid=4d97967c-ac2e-4cbc-bb6c-47ed532a4896&networkid=028f1b1b-d4bf-43a6-afcd-a6fe05f68b87&_=1373457836432
> 2013-07-10 17:33:57,209 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-14:job-46) Executing org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd for job-46
> 2013-07-10 17:33:57,243 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-14:job-46) Access to VM[User|4d97967c-ac2e-4cbc-bb6c-47ed532a4896] granted to Acct[3-shweta] by DomainChecker_EnhancerByCloudStack_5fedb7bf
> 2013-07-10 17:33:57,248 ERROR [cloud.async.AsyncJobManagerImpl] (Job-Executor-14:job-46) Unexpected exception while executing org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd
> com.cloud.exception.PermissionDeniedException: Unable to modify a vm using network with id 215, permission denied
>         at com.cloud.vm.UserVmManagerImpl.addNicToVirtualMachine(UserVmManagerImpl.java:867)
>         at org.apache.cloudstack.api.command.user.vm.AddNicToVMCmd.execute(AddNicToVMCmd.java:109)
>         at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155)
>         at com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
>         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>         at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:166)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>         at java.lang.Thread.run(Thread.java:679)
> 2013-07-10 17:33:57,249 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-14:job-46) Complete async job-46, jobStatus: 2, resultCode: 530, result: Error Code: 530 Error text: Unable to modify a vm using network with id 215, permission denied
> 2013-07-10 17:34:00,250 DEBUG [cloud.api.ApiServlet] (catalina-exec-5:null) ===START===  10.146.0.132 -- GET  command=queryAsyncJobResult&jobId=953ae134-0af1-43fd-8cb9-2125fe5fa297&response=json&sessionkey=wr4cbYy58%2BZqNa1rJq94MF0X0Iw%3D&projectid=7a85c310-193d-4384-b0e4-2a078b30932d&_=1373457839579
> 2013-07-10 17:34:00,271 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-5:null) Async job-46 completed
> 2013-07-10 17:34:00,280 DEBUG [cloud.api.ApiServlet] (catalina-exec-5:null) ===END===  10.146.0.132 -- GET  command=queryAsyncJobResult&jobId=953ae134-0af1-43fd-8cb9-2125fe5fa297&response=json&sessionkey=wr4cbYy58%2BZqNa1rJq94MF0X0Iw%3D&projectid=7a85c310-193d-4384-b0e4-2a078b30932d&_=1373457839579

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira