cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Min Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8077) Not able to deploy VM using a shared template.
Date Wed, 17 Dec 2014 19:16:13 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14250342#comment-14250342
] 

Min Chen commented on CLOUDSTACK-8077:
--------------------------------------

In service layer, we incorrectly perform template permission check by checking if VM owner
has permission to the template owner, which caused the error. Instead we should perform permission
by checking if VM owner has permission to the template. Fixed with above commit.

> Not able to deploy VM using a shared template.
> ----------------------------------------------
>
>                 Key: CLOUDSTACK-8077
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8077
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: IAM
>    Affects Versions: 4.4.0
>            Reporter: Min Chen
>            Assignee: Min Chen
>            Priority: Critical
>             Fix For: 4.5.0
>
>
> Steps to reproduce the problem:
> Create 2 users under ROOT - san1 and san2
> As san1:
> 1. Register a template(private)
> 2. Update template permission , so that it is shared with san2.
> 3. Listing template permission , shows that this template is shared with san2.
> 4. As san2 , Listing templates with templatefilter=shared , lists template test1 that
was shared with san2.
> 5. As use san2 , try to deploy VM using the shared template - test1.
> This errors out following error message and return code- 531
> "Acct[c4c843e4-98a4-4384-9410-281243dfaa88-san2] does not have permission to operate
with resource Acct[08dd8e5e-bb06-40fc-9a94-9eed073a358a-san1]"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message