incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sangeetha Hariharan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-1418) As regular user , we are not allowed to deploy VM on a shared network.
Date Wed, 27 Feb 2013 01:05:11 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-1418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sangeetha Hariharan updated CLOUDSTACK-1418:
--------------------------------------------

    Description: 
Steps to reproduce the problem:

Set up - Advanced zone.

Create a shared network with acltype set to "domain".


2013-02-26 13:56:24,335 INFO  [cloud.api.ApiServer] (catalina-exec-24:null) (userId=2 accountId=2
sessionId=029D24A96FE3B77FBC2C31873D09B594) 10.216.50.206 -- GET command=createNetwork&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&networkOfferingId=b6434ba6-7a43-4504-be22-3903279f59ef&physicalnetworkid=2388ee68-2aa8-4a1b-99e2-6f0fa869c145&name=test1362&displayText=test1362&vlan=1362&acltype=domain&ip6gateway=FC00:3:1362::1&ip6cidr=FC00:3:1362::1/64&startipv6=FC00:3:1362::2&endipv6=FC00:3:1362::FFFF:FFFF:FFFF:FFFF&networkdomain=hello1362&response=json&sessionkey=3fceZn%2B25ajs1zG25XlIYoX1zX0%3D
200 { "createnetworkresponse" :  { "network" : {"id":"c07d47d0-4842-40d8-a834-084bd6fdae6c","name":"test1362","displaytext":"test1362","broadcastdomaintype":"Vlan","traffictype":"Guest","zoneid":"755b2735-6bb2-4778-a37b-f96a8f66a571","zonename":"Zone1","networkofferingid":"b6434ba6-7a43-4504-be22-3903279f59ef","networkofferingname":"DefaultSharedNetworkOffering","networkofferingdisplaytext":"Offering
for Shared networks","networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"c07d47d0-4842-40d8-a834-084bd6fdae6c","broadcasturi":"vlan://1362","dns1":"72.52.126.11","dns2":"72.52.126.12","type":"Shared","vlan":"1362","acltype":"Domain","subdomainaccess":true,"domainid":"43233dde-8055-11e2-89d9-06d4460004b1","domain":"ROOT","service":[{"name":"Dhcp"},{"name":"UserData"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]}],"networkdomain":"hello1362","physicalnetworkid":"2388ee68-2aa8-4a1b-99e2-6f0fa869c145","restartrequired":false,"specifyipranges":true,"canusefordeploy":true,"ispersistent":false,"tags":[],"ip6gateway":"fc00:3:1362::1","ip6cidr":"fc00:3:1362::1/64"}
}  }

As regular user , deploy a Vm on the above created network.

It fails with following error message "Acct[3-Test] does not have permission to operate with
resource Ntwk[205|Guest|7" 

2013-02-26 16:18:37,046 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) (userId=3 accountId=3
sessionId=DD6AECB69D1A73F24283429400180430) 10.216.50.206 -- GET command=deployVirtualMachine&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
531 Acct[3-Test] does not have permission to operate with resource Ntwk[205|Guest|7]


Management.log

2013-02-26 16:18:37,032 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START=== 
10.216.50.206 -- GET  command=deployVirtualMachine&zoneId=755b2735-6bb2-47
78-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-
40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
2013-02-26 16:18:37,037 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) InfrastructureEntity
name is:com.cloud.offering.ServiceOffering
2013-02-26 16:18:37,037 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) ControlledEntity
name is:com.cloud.template.VirtualMachineTemplate
2013-02-26 16:18:37,039 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) ControlledEntity
name is:com.cloud.network.Network
2013-02-26 16:18:37,041 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access
to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
2013-02-26 16:18:37,042 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access
to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
2013-02-26 16:18:37,044 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access
to Tmpl[202-QCOW2-202-2-954c72e3-d894-34df-8cd5-1752479b13a0 granted to
 Acct[3-Test] by DomainChecker
2013-02-26 16:18:37,045 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) PermissionDenied:
Acct[3-Test] does not have permission to operate with resource Ntwk[20
5|Guest|7] on uuids: []
2013-02-26 16:18:37,046 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END===  10.216.50.206
-- GET  command=deployVirtualMachine&zoneId=755b2735-6bb2-4778
-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40
d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460


DB entries:


mysql> select * from user;
+----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
| id | uuid                                 | username | password                        
| account_id | firstname | lastname | email        | state   | api_key | secret_key | created
            | removed | timezone         | registration_token | is_registered | incorrect_login_attempts
| region_id |
+----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
|  1 | 6062b550-8055-11e2-89d9-06d4460004b1 | system   | 0.298628012927834               
|          1 | system    | cloud    | NULL         | enabled | NULL    | NULL       | 2013-02-26
12:44:55 | NULL    | NULL             | NULL               |             0 |             
          0 |         1 |
|  2 | 606385fc-8055-11e2-89d9-06d4460004b1 | admin    | 5f4dcc3b5aa765d61d8327deb882cf99
|          2 | admin     | cloud    | NULL         | enabled | NULL    | NULL       | 2013-02-26
12:44:55 | NULL    | NULL             | NULL               |             0 |             
          0 |         1 |
|  3 | b7b44191-0cdd-4364-be42-e98932f62237 | Test     | 0cbc6611f5540bd0809a388dc95a615b
|          3 | Test      | Test     | Test@abc.com | enabled | NULL    | NULL       | 2013-02-26
22:37:38 | NULL    | Mexico/BajaNorte | NULL               |             0 |             
          0 |         1 |
+----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
3 rows in set (0.00 sec)

mysql> select * from account;
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
| id | account_name | uuid                                 | type | domain_id | state   |
removed | cleanup_needed | network_domain | default_zone_id | region_id |
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
|  1 | system       | 606228e2-8055-11e2-89d9-06d4460004b1 |    1 |         1 | enabled |
NULL    |              0 | NULL           |            NULL |         1 |
|  2 | admin        | 60631db0-8055-11e2-89d9-06d4460004b1 |    1 |         1 | enabled |
NULL    |              0 | NULL           |            NULL |         1 |
|  3 | Test         | 6c199311-8604-4c96-a661-b04ed3f42b58 |    0 |         1 | enabled |
NULL    |              0 | NULL           |            NULL |         1 |
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
3 rows in set (0.00 sec)

mysql> select * from networks;
+-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
| id  | name     | uuid                                 | display_text | traffic_type | broadcast_domain_type
| broadcast_uri | gateway       | cidr             | mode   | network_offering_id | physical_network_id
| data_center_id | guru_name           | state | related | domain_id | account_id | dns1 |
dns2 | guru_data | set_fields | acl_type | network_domain | reservation_id | guest_type |
restart_required | created             | removed | specify_ip_ranges | vpc_id | ip6_gateway
   | ip6_cidr          |
+-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
| 200 | NULL     | 179745b1-e874-44e6-84f8-35fb57050e07 | NULL         | Public       | Vlan
                 | NULL          | NULL          | NULL             | Static |           
       1 |                NULL |              1 | PublicNetworkGuru   | Setup |     200 |
        1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL          
| NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |       
         1 |   NULL | NULL           | NULL              |
| 201 | NULL     | 6b555566-ddbd-4475-9870-c945555e7179 | NULL         | Management   | Native
               | NULL          | NULL          | NULL             | Static |             
     2 |                NULL |              1 | PodBasedNetworkGuru | Setup |     201 |  
      1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL           |
NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |         
       0 |   NULL | NULL           | NULL              |
| 202 | NULL     | bd1d3568-9cf6-4ba6-b054-d91348b7ae29 | NULL         | Control      | LinkLocal
            | NULL          | 169.254.0.1   | 169.254.0.0/16   | Static |                
  3 |                NULL |              1 | ControlNetworkGuru  | Setup |     202 |     
   1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL           | NULL
          | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |              
  0 |   NULL | NULL           | NULL              |
| 203 | NULL     | 132c91d1-e224-4359-98ee-cb387962040a | NULL         | Storage      | Native
               | NULL          | NULL          | NULL             | Static |             
     4 |                NULL |              1 | StorageNetworkGuru  | Setup |     203 |  
      1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL           |
NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |         
       1 |   NULL | NULL           | NULL              |
| 204 | test1361 | 28376fd3-e531-4b2e-84e2-cba72c8e81ba | test1361     | Guest        | Vlan
                 | vlan://1361   | 10.223.136.65 | 10.223.136.64/26 | Dhcp   |           
       7 |                 200 |              1 | DirectNetworkGuru   | Setup |     204 |
        1 |          1 | NULL | NULL | NULL      |          0 | Domain   | hello1361     
| NULL           | Shared     |                0 | 2013-02-26 21:51:41 | NULL    |       
         1 |   NULL | fc00:3:1361::1 | fc00:3:1361::1/64 |
| 205 | test1362 | c07d47d0-4842-40d8-a834-084bd6fdae6c | test1362     | Guest        | Vlan
                 | vlan://1362   | NULL          | NULL             | Dhcp   |           
       7 |                 200 |              1 | DirectNetworkGuru   | Setup |     205 |
        1 |          1 | NULL | NULL | NULL      |          0 | Domain   | hello1362     
| NULL           | Shared     |                0 | 2013-02-26 21:56:24 | NULL    |       
         1 |   NULL | fc00:3:1362::1 | fc00:3:1362::1/64 |
+-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
6 rows in set (0.00 sec)


  was:
Steps to reproduce the problem:

Create a shared network with acltype set to "domain".


2013-02-26 13:56:24,335 INFO  [cloud.api.ApiServer] (catalina-exec-24:null) (userId=2 accountId=2
sessionId=029D24A96FE3B77FBC2C31873D09B594) 10.216.50.206 -- GET command=createNetwork&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&networkOfferingId=b6434ba6-7a43-4504-be22-3903279f59ef&physicalnetworkid=2388ee68-2aa8-4a1b-99e2-6f0fa869c145&name=test1362&displayText=test1362&vlan=1362&acltype=domain&ip6gateway=FC00:3:1362::1&ip6cidr=FC00:3:1362::1/64&startipv6=FC00:3:1362::2&endipv6=FC00:3:1362::FFFF:FFFF:FFFF:FFFF&networkdomain=hello1362&response=json&sessionkey=3fceZn%2B25ajs1zG25XlIYoX1zX0%3D
200 { "createnetworkresponse" :  { "network" : {"id":"c07d47d0-4842-40d8-a834-084bd6fdae6c","name":"test1362","displaytext":"test1362","broadcastdomaintype":"Vlan","traffictype":"Guest","zoneid":"755b2735-6bb2-4778-a37b-f96a8f66a571","zonename":"Zone1","networkofferingid":"b6434ba6-7a43-4504-be22-3903279f59ef","networkofferingname":"DefaultSharedNetworkOffering","networkofferingdisplaytext":"Offering
for Shared networks","networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"c07d47d0-4842-40d8-a834-084bd6fdae6c","broadcasturi":"vlan://1362","dns1":"72.52.126.11","dns2":"72.52.126.12","type":"Shared","vlan":"1362","acltype":"Domain","subdomainaccess":true,"domainid":"43233dde-8055-11e2-89d9-06d4460004b1","domain":"ROOT","service":[{"name":"Dhcp"},{"name":"UserData"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]}],"networkdomain":"hello1362","physicalnetworkid":"2388ee68-2aa8-4a1b-99e2-6f0fa869c145","restartrequired":false,"specifyipranges":true,"canusefordeploy":true,"ispersistent":false,"tags":[],"ip6gateway":"fc00:3:1362::1","ip6cidr":"fc00:3:1362::1/64"}
}  }

As regular user , deploy a Vm on the above created network.

It fails with following error message "Acct[3-Test] does not have permission to operate with
resource Ntwk[205|Guest|7" 

2013-02-26 16:18:37,046 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) (userId=3 accountId=3
sessionId=DD6AECB69D1A73F24283429400180430) 10.216.50.206 -- GET command=deployVirtualMachine&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
531 Acct[3-Test] does not have permission to operate with resource Ntwk[205|Guest|7]


Management.log

2013-02-26 16:18:37,032 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START=== 
10.216.50.206 -- GET  command=deployVirtualMachine&zoneId=755b2735-6bb2-47
78-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-
40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
2013-02-26 16:18:37,037 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) InfrastructureEntity
name is:com.cloud.offering.ServiceOffering
2013-02-26 16:18:37,037 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) ControlledEntity
name is:com.cloud.template.VirtualMachineTemplate
2013-02-26 16:18:37,039 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) ControlledEntity
name is:com.cloud.network.Network
2013-02-26 16:18:37,041 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access
to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
2013-02-26 16:18:37,042 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access
to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
2013-02-26 16:18:37,044 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access
to Tmpl[202-QCOW2-202-2-954c72e3-d894-34df-8cd5-1752479b13a0 granted to
 Acct[3-Test] by DomainChecker
2013-02-26 16:18:37,045 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) PermissionDenied:
Acct[3-Test] does not have permission to operate with resource Ntwk[20
5|Guest|7] on uuids: []
2013-02-26 16:18:37,046 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END===  10.216.50.206
-- GET  command=deployVirtualMachine&zoneId=755b2735-6bb2-4778
-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40
d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460


DB entries:


mysql> select * from user;
+----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
| id | uuid                                 | username | password                        
| account_id | firstname | lastname | email        | state   | api_key | secret_key | created
            | removed | timezone         | registration_token | is_registered | incorrect_login_attempts
| region_id |
+----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
|  1 | 6062b550-8055-11e2-89d9-06d4460004b1 | system   | 0.298628012927834               
|          1 | system    | cloud    | NULL         | enabled | NULL    | NULL       | 2013-02-26
12:44:55 | NULL    | NULL             | NULL               |             0 |             
          0 |         1 |
|  2 | 606385fc-8055-11e2-89d9-06d4460004b1 | admin    | 5f4dcc3b5aa765d61d8327deb882cf99
|          2 | admin     | cloud    | NULL         | enabled | NULL    | NULL       | 2013-02-26
12:44:55 | NULL    | NULL             | NULL               |             0 |             
          0 |         1 |
|  3 | b7b44191-0cdd-4364-be42-e98932f62237 | Test     | 0cbc6611f5540bd0809a388dc95a615b
|          3 | Test      | Test     | Test@abc.com | enabled | NULL    | NULL       | 2013-02-26
22:37:38 | NULL    | Mexico/BajaNorte | NULL               |             0 |             
          0 |         1 |
+----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
3 rows in set (0.00 sec)

mysql> select * from account;
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
| id | account_name | uuid                                 | type | domain_id | state   |
removed | cleanup_needed | network_domain | default_zone_id | region_id |
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
|  1 | system       | 606228e2-8055-11e2-89d9-06d4460004b1 |    1 |         1 | enabled |
NULL    |              0 | NULL           |            NULL |         1 |
|  2 | admin        | 60631db0-8055-11e2-89d9-06d4460004b1 |    1 |         1 | enabled |
NULL    |              0 | NULL           |            NULL |         1 |
|  3 | Test         | 6c199311-8604-4c96-a661-b04ed3f42b58 |    0 |         1 | enabled |
NULL    |              0 | NULL           |            NULL |         1 |
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
3 rows in set (0.00 sec)

mysql> select * from networks;
+-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
| id  | name     | uuid                                 | display_text | traffic_type | broadcast_domain_type
| broadcast_uri | gateway       | cidr             | mode   | network_offering_id | physical_network_id
| data_center_id | guru_name           | state | related | domain_id | account_id | dns1 |
dns2 | guru_data | set_fields | acl_type | network_domain | reservation_id | guest_type |
restart_required | created             | removed | specify_ip_ranges | vpc_id | ip6_gateway
   | ip6_cidr          |
+-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
| 200 | NULL     | 179745b1-e874-44e6-84f8-35fb57050e07 | NULL         | Public       | Vlan
                 | NULL          | NULL          | NULL             | Static |           
       1 |                NULL |              1 | PublicNetworkGuru   | Setup |     200 |
        1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL          
| NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |       
         1 |   NULL | NULL           | NULL              |
| 201 | NULL     | 6b555566-ddbd-4475-9870-c945555e7179 | NULL         | Management   | Native
               | NULL          | NULL          | NULL             | Static |             
     2 |                NULL |              1 | PodBasedNetworkGuru | Setup |     201 |  
      1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL           |
NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |         
       0 |   NULL | NULL           | NULL              |
| 202 | NULL     | bd1d3568-9cf6-4ba6-b054-d91348b7ae29 | NULL         | Control      | LinkLocal
            | NULL          | 169.254.0.1   | 169.254.0.0/16   | Static |                
  3 |                NULL |              1 | ControlNetworkGuru  | Setup |     202 |     
   1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL           | NULL
          | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |              
  0 |   NULL | NULL           | NULL              |
| 203 | NULL     | 132c91d1-e224-4359-98ee-cb387962040a | NULL         | Storage      | Native
               | NULL          | NULL          | NULL             | Static |             
     4 |                NULL |              1 | StorageNetworkGuru  | Setup |     203 |  
      1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL           |
NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |         
       1 |   NULL | NULL           | NULL              |
| 204 | test1361 | 28376fd3-e531-4b2e-84e2-cba72c8e81ba | test1361     | Guest        | Vlan
                 | vlan://1361   | 10.223.136.65 | 10.223.136.64/26 | Dhcp   |           
       7 |                 200 |              1 | DirectNetworkGuru   | Setup |     204 |
        1 |          1 | NULL | NULL | NULL      |          0 | Domain   | hello1361     
| NULL           | Shared     |                0 | 2013-02-26 21:51:41 | NULL    |       
         1 |   NULL | fc00:3:1361::1 | fc00:3:1361::1/64 |
| 205 | test1362 | c07d47d0-4842-40d8-a834-084bd6fdae6c | test1362     | Guest        | Vlan
                 | vlan://1362   | NULL          | NULL             | Dhcp   |           
       7 |                 200 |              1 | DirectNetworkGuru   | Setup |     205 |
        1 |          1 | NULL | NULL | NULL      |          0 | Domain   | hello1362     
| NULL           | Shared     |                0 | 2013-02-26 21:56:24 | NULL    |       
         1 |   NULL | fc00:3:1362::1 | fc00:3:1362::1/64 |
+-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
6 rows in set (0.00 sec)


    
> As regular user , we are not allowed to deploy VM on a shared network. 
> -----------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1418
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1418
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.1.0
>         Environment: Build from 4.1 branch built on 2/26
>            Reporter: Sangeetha Hariharan
>            Assignee: Prachi Damle
>            Priority: Critical
>             Fix For: 4.1.0
>
>
> Steps to reproduce the problem:
> Set up - Advanced zone.
> Create a shared network with acltype set to "domain".
> 2013-02-26 13:56:24,335 INFO  [cloud.api.ApiServer] (catalina-exec-24:null) (userId=2
accountId=2 sessionId=029D24A96FE3B77FBC2C31873D09B594) 10.216.50.206 -- GET command=createNetwork&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&networkOfferingId=b6434ba6-7a43-4504-be22-3903279f59ef&physicalnetworkid=2388ee68-2aa8-4a1b-99e2-6f0fa869c145&name=test1362&displayText=test1362&vlan=1362&acltype=domain&ip6gateway=FC00:3:1362::1&ip6cidr=FC00:3:1362::1/64&startipv6=FC00:3:1362::2&endipv6=FC00:3:1362::FFFF:FFFF:FFFF:FFFF&networkdomain=hello1362&response=json&sessionkey=3fceZn%2B25ajs1zG25XlIYoX1zX0%3D
200 { "createnetworkresponse" :  { "network" : {"id":"c07d47d0-4842-40d8-a834-084bd6fdae6c","name":"test1362","displaytext":"test1362","broadcastdomaintype":"Vlan","traffictype":"Guest","zoneid":"755b2735-6bb2-4778-a37b-f96a8f66a571","zonename":"Zone1","networkofferingid":"b6434ba6-7a43-4504-be22-3903279f59ef","networkofferingname":"DefaultSharedNetworkOffering","networkofferingdisplaytext":"Offering
for Shared networks","networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"c07d47d0-4842-40d8-a834-084bd6fdae6c","broadcasturi":"vlan://1362","dns1":"72.52.126.11","dns2":"72.52.126.12","type":"Shared","vlan":"1362","acltype":"Domain","subdomainaccess":true,"domainid":"43233dde-8055-11e2-89d9-06d4460004b1","domain":"ROOT","service":[{"name":"Dhcp"},{"name":"UserData"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]}],"networkdomain":"hello1362","physicalnetworkid":"2388ee68-2aa8-4a1b-99e2-6f0fa869c145","restartrequired":false,"specifyipranges":true,"canusefordeploy":true,"ispersistent":false,"tags":[],"ip6gateway":"fc00:3:1362::1","ip6cidr":"fc00:3:1362::1/64"}
}  }
> As regular user , deploy a Vm on the above created network.
> It fails with following error message "Acct[3-Test] does not have permission to operate
with resource Ntwk[205|Guest|7" 
> 2013-02-26 16:18:37,046 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) (userId=3
accountId=3 sessionId=DD6AECB69D1A73F24283429400180430) 10.216.50.206 -- GET command=deployVirtualMachine&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
531 Acct[3-Test] does not have permission to operate with resource Ntwk[205|Guest|7]
> Management.log
> 2013-02-26 16:18:37,032 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START===
 10.216.50.206 -- GET  command=deployVirtualMachine&zoneId=755b2735-6bb2-47
> 78-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-
> 40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
> 2013-02-26 16:18:37,037 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) InfrastructureEntity
name is:com.cloud.offering.ServiceOffering
> 2013-02-26 16:18:37,037 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) ControlledEntity
name is:com.cloud.template.VirtualMachineTemplate
> 2013-02-26 16:18:37,039 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) ControlledEntity
name is:com.cloud.network.Network
> 2013-02-26 16:18:37,041 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null)
Access to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
> 2013-02-26 16:18:37,042 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null)
Access to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
> 2013-02-26 16:18:37,044 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null)
Access to Tmpl[202-QCOW2-202-2-954c72e3-d894-34df-8cd5-1752479b13a0 granted to
>  Acct[3-Test] by DomainChecker
> 2013-02-26 16:18:37,045 INFO  [cloud.api.ApiServer] (catalina-exec-17:null) PermissionDenied:
Acct[3-Test] does not have permission to operate with resource Ntwk[20
> 5|Guest|7] on uuids: []
> 2013-02-26 16:18:37,046 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END===
 10.216.50.206 -- GET  command=deployVirtualMachine&zoneId=755b2735-6bb2-4778
> -a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40
> d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
> DB entries:
> mysql> select * from user;
> +----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
> | id | uuid                                 | username | password                   
     | account_id | firstname | lastname | email        | state   | api_key | secret_key |
created             | removed | timezone         | registration_token | is_registered | incorrect_login_attempts
| region_id |
> +----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
> |  1 | 6062b550-8055-11e2-89d9-06d4460004b1 | system   | 0.298628012927834          
     |          1 | system    | cloud    | NULL         | enabled | NULL    | NULL       |
2013-02-26 12:44:55 | NULL    | NULL             | NULL               |             0 |  
                     0 |         1 |
> |  2 | 606385fc-8055-11e2-89d9-06d4460004b1 | admin    | 5f4dcc3b5aa765d61d8327deb882cf99
|          2 | admin     | cloud    | NULL         | enabled | NULL    | NULL       | 2013-02-26
12:44:55 | NULL    | NULL             | NULL               |             0 |             
          0 |         1 |
> |  3 | b7b44191-0cdd-4364-be42-e98932f62237 | Test     | 0cbc6611f5540bd0809a388dc95a615b
|          3 | Test      | Test     | Test@abc.com | enabled | NULL    | NULL       | 2013-02-26
22:37:38 | NULL    | Mexico/BajaNorte | NULL               |             0 |             
          0 |         1 |
> +----+--------------------------------------+----------+----------------------------------+------------+-----------+----------+--------------+---------+---------+------------+---------------------+---------+------------------+--------------------+---------------+--------------------------+-----------+
> 3 rows in set (0.00 sec)
> mysql> select * from account;
> +----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
> | id | account_name | uuid                                 | type | domain_id | state
  | removed | cleanup_needed | network_domain | default_zone_id | region_id |
> +----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
> |  1 | system       | 606228e2-8055-11e2-89d9-06d4460004b1 |    1 |         1 | enabled
| NULL    |              0 | NULL           |            NULL |         1 |
> |  2 | admin        | 60631db0-8055-11e2-89d9-06d4460004b1 |    1 |         1 | enabled
| NULL    |              0 | NULL           |            NULL |         1 |
> |  3 | Test         | 6c199311-8604-4c96-a661-b04ed3f42b58 |    0 |         1 | enabled
| NULL    |              0 | NULL           |            NULL |         1 |
> +----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
> 3 rows in set (0.00 sec)
> mysql> select * from networks;
> +-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
> | id  | name     | uuid                                 | display_text | traffic_type
| broadcast_domain_type | broadcast_uri | gateway       | cidr             | mode   | network_offering_id
| physical_network_id | data_center_id | guru_name           | state | related | domain_id
| account_id | dns1 | dns2 | guru_data | set_fields | acl_type | network_domain | reservation_id
| guest_type | restart_required | created             | removed | specify_ip_ranges | vpc_id
| ip6_gateway    | ip6_cidr          |
> +-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
> | 200 | NULL     | 179745b1-e874-44e6-84f8-35fb57050e07 | NULL         | Public     
 | Vlan                  | NULL          | NULL          | NULL             | Static |   
               1 |                NULL |              1 | PublicNetworkGuru   | Setup |  
  200 |         1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL  
        | NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |
                1 |   NULL | NULL           | NULL              |
> | 201 | NULL     | 6b555566-ddbd-4475-9870-c945555e7179 | NULL         | Management 
 | Native                | NULL          | NULL          | NULL             | Static |   
               2 |                NULL |              1 | PodBasedNetworkGuru | Setup |  
  201 |         1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL  
        | NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |
                0 |   NULL | NULL           | NULL              |
> | 202 | NULL     | bd1d3568-9cf6-4ba6-b054-d91348b7ae29 | NULL         | Control    
 | LinkLocal             | NULL          | 169.254.0.1   | 169.254.0.0/16   | Static |   
               3 |                NULL |              1 | ControlNetworkGuru  | Setup |  
  202 |         1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL  
        | NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |
                0 |   NULL | NULL           | NULL              |
> | 203 | NULL     | 132c91d1-e224-4359-98ee-cb387962040a | NULL         | Storage    
 | Native                | NULL          | NULL          | NULL             | Static |   
               4 |                NULL |              1 | StorageNetworkGuru  | Setup |  
  203 |         1 |          1 | NULL | NULL | NULL      |          0 | NULL     | NULL  
        | NULL           | NULL       |                0 | 2013-02-26 21:34:37 | NULL    |
                1 |   NULL | NULL           | NULL              |
> | 204 | test1361 | 28376fd3-e531-4b2e-84e2-cba72c8e81ba | test1361     | Guest      
 | Vlan                  | vlan://1361   | 10.223.136.65 | 10.223.136.64/26 | Dhcp   |   
               7 |                 200 |              1 | DirectNetworkGuru   | Setup |  
  204 |         1 |          1 | NULL | NULL | NULL      |          0 | Domain   | hello1361
     | NULL           | Shared     |                0 | 2013-02-26 21:51:41 | NULL    |  
              1 |   NULL | fc00:3:1361::1 | fc00:3:1361::1/64 |
> | 205 | test1362 | c07d47d0-4842-40d8-a834-084bd6fdae6c | test1362     | Guest      
 | Vlan                  | vlan://1362   | NULL          | NULL             | Dhcp   |   
               7 |                 200 |              1 | DirectNetworkGuru   | Setup |  
  205 |         1 |          1 | NULL | NULL | NULL      |          0 | Domain   | hello1362
     | NULL           | Shared     |                0 | 2013-02-26 21:56:24 | NULL    |  
              1 |   NULL | fc00:3:1362::1 | fc00:3:1362::1/64 |
> +-----+----------+--------------------------------------+--------------+--------------+-----------------------+---------------+---------------+------------------+--------+---------------------+---------------------+----------------+---------------------+-------+---------+-----------+------------+------+------+-----------+------------+----------+----------------+----------------+------------+------------------+---------------------+---------+-------------------+--------+----------------+-------------------+
> 6 rows in set (0.00 sec)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message