Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CCEFB10D39 for ; Fri, 23 May 2014 08:08:01 +0000 (UTC) Received: (qmail 28350 invoked by uid 500); 23 May 2014 08:08:01 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 28323 invoked by uid 500); 23 May 2014 08:08:01 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 28315 invoked by uid 500); 23 May 2014 08:08:01 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 28312 invoked by uid 99); 23 May 2014 08:08:01 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 May 2014 08:08:01 +0000 Date: Fri, 23 May 2014 08:08:01 +0000 (UTC) From: "ASF subversion and git services (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-6745) DomainAdmin is not able to deploy Vm for users in his domain/subdomain. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-6745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14006959#comment-14006959 ] ASF subversion and git services commented on CLOUDSTACK-6745: ------------------------------------------------------------- Commit f1a586e9be264bb63e2f55fb71bd934760e91c9a in cloudstack's branch refs/heads/4.4 from [~minchen07] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=f1a586e ] CLOUDSTACK-6745:DomainAdmin is not able to deploy Vm for users in his domain/subdomain. > DomainAdmin is not able to deploy Vm for users in his domain/subdomain. > ----------------------------------------------------------------------- > > Key: CLOUDSTACK-6745 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6745 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: Management Server > Affects Versions: 4.4.0 > Environment: Build from 4.4 > Reporter: Sangeetha Hariharan > Assignee: Min Chen > Priority: Critical > Fix For: 4.4.0 > > > DomainAdmin is not able to deploy Vm for users in his domain/subdomain. > Steps to reproduce the problem: > Create a domain d1. > Create a regular user - d1a > Deploy a VM as user d1a > Create a domain admin user - d1 > As d1 , try to deploy a VM for user - d1a in the isolated network he owns by passing asccount and domainId of d1a. > API fails with the following exception: > "Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied" > 2014-05-21 13:58:48,162 INFO [a.c.c.a.ApiServer] (catalina-exec-17:ctx-8541fadf ctx-4320442b) (userId=387 accountId=387 sessionId=D51FD2C904EB65D7E1577D9ABAF5AACA) 10.215.2.8 -- GET command=deployVirtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a 531 Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied > Management server logs: > 2014-05-21 13:58:48,140 DEBUG [c.c.a.ApiServlet] (catalina-exec-17:ctx-8541fadf) ===START=== 10.215.2.8 -- GET command=deployVirtualMachi > ne&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4 > adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&dis > playname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a > 2014-05-21 13:58:48,143 DEBUG [o.a.c.a.BaseCmd] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter displayvm as the caller is > not authorized to pass it in > 2014-05-21 13:58:48,144 DEBUG [o.a.c.a.BaseCmd] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter deploymentplanner as the ca > ller is not authorized to pass it in > 2014-05-21 13:58:48,153 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to Acct[5afd4de2-2a81-4c40-b7e > 7-b5cb139551c1-test-dom1] granted to Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker > 2014-05-21 13:58:48,156 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to Acct[5afd4de2-2a81-4c40-b7e > 7-b5cb139551c1-test-dom1] granted to Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker > 2014-05-21 13:58:48,161 INFO [c.c.a.ApiServer] (catalina-exec-17:ctx-8541fadf ctx-4320442b) PermissionDenied: Unable to use network with i > d= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied on objs: [] > 2014-05-21 13:58:48,162 DEBUG [c.c.a.ApiServlet] (catalina-exec-17:ctx-8541fadf ctx-4320442b) ===END=== 10.215.2.8 -- GET command=deployV > irtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a- > 11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce2 > 2c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a -- This message was sent by Atlassian JIRA (v6.2#6252)