<div dir="ltr">Hi Eli,<div><br></div><div>Yes this is newly created 3.5 environment with engine-setup.</div><div class="gmail_extra"><br><div class="gmail_quote">2014-12-11 17:13 GMT+08:00 Eli Mesika <span dir="ltr"><<a href="mailto:emesika@redhat.com" target="_blank">emesika@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
<br>
----- Original Message -----<br>
> From: "Oved Ourfali" <<a href="mailto:ovedo@redhat.com">ovedo@redhat.com</a>><br>
> To: "plysan" <<a href="mailto:plysab@gmail.com">plysab@gmail.com</a>>, "Eli Mesika" <<a href="mailto:emesika@redhat.com">emesika@redhat.com</a>><br>
> Cc: "<a href="mailto:Users@ovirt.org">Users@ovirt.org</a> List" <<a href="mailto:users@ovirt.org">users@ovirt.org</a>><br>
> Sent: Thursday, December 11, 2014 9:48:32 AM<br>
> Subject: Re: [ovirt-users] Problems while adding external event to ovirt<br>
><br>
> According to the log he is looking for the INJECT_EXTERNAL_EVENTS action<br>
> group, on the System.<br>
> I guess it means this action group isn't part of the SuperUser role.<br>
><br>
> Eli - you commit ecd7658c42b799d8632372de9fc6695a22705435 shows you added<br>
> this action group, but not added to the SuperUser role.<br>
> What was the reason for that?<br>
> I also don't see an option to add this action group to roles.<br>
> Maybe only the API supports creating a new custom role with this action<br>
> group.<br>
><br>
> Thanks,<br>
> Oved<br>
><br>
> ----- Original Message -----<br>
> > From: "plysan" <<a href="mailto:plysab@gmail.com">plysab@gmail.com</a>><br>
> > To: "<a href="mailto:Users@ovirt.org">Users@ovirt.org</a> List" <<a href="mailto:users@ovirt.org">users@ovirt.org</a>><br>
> > Sent: Thursday, December 11, 2014 9:20:34 AM<br>
> > Subject: Re: [ovirt-users] Problems while adding external event to ovirt<br>
> ><br>
> > Oh, forgot the environment:<br>
> ><br>
> > ovirt-engine-backend-3.5.1-0.0.master.20141112062025.git2c24911.el6.noarch<br>
> > ovirt-engine-restapi-3.5.1-0.0.master.20141112062025.git2c24911.el6.noarch<br>
> ><br>
> > 2014-12-11 15:18 GMT+08:00 plysan < <a href="mailto:plysab@gmail.com">plysab@gmail.com</a> > :<br>
> ><br>
> ><br>
> ><br>
> > Hi,<br>
> ><br>
> > When I try to add an external event to ovirt using curl, I get permission<br>
> > issue:<br>
> ><br>
> > $ curl -X POST --insecure -u admin@internal:abc123 -H "Content-Type:<br>
> > application/json" <a href="https://192.168.3.226/ovirt-engine/api/events" target="_blank">https://192.168.3.226/ovirt-engine/api/events</a> --data<br>
> > '{"origin":"thirdParty","severity":"normal","custom_id":"123","description":"hello<br>
> > external event."}'<br>
> > <?xml version="1.0" encoding="UTF-8" standalone="yes"?><br>
> > <fault><br>
> > <reason>Operation Failed</reason><br>
> > <detail>[User is not authorized to perform this action.]</detail><br>
> > </fault><br>
> ><br>
> > The engine.log says:<br>
> ><br>
> > 2014-12-11 14:52:33,725 INFO<br>
> > [org.ovirt.engine.core.bll.aaa.LoginUserCommand]<br>
> > (ajp--127.0.0.1-8702-7) Running command: LoginUserCommand internal: false.<br>
> > 2014-12-11 14:52:33,732 INFO<br>
> > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
> > (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom<br>
> > Event<br>
> > ID: -1, Message: User admin logged in.<br>
> > 2014-12-11 14:52:33,750 INFO<br>
> > [org.ovirt.engine.core.bll.AddExternalEventCommand] (ajp--127.0.0.1-8702-7)<br>
> > [6947ffae] No permission found for user<br>
> > fdfc627c-d875-11e0-90f0-83df133b58cc<br>
> > or one of the groups he is member of, when running action AddExternalEvent,<br>
> > Required permissions are: Action type: ADMIN Action group:<br>
> > INJECT_EXTERNAL_EVENTS Object type: System Object ID:<br>
> > aaa00000-0000-0000-0000-123456789aaa.<br>
> > 2014-12-11 14:52:33,751 WARN<br>
> > [org.ovirt.engine.core.bll.AddExternalEventCommand] (ajp--127.0.0.1-8702-7)<br>
> > [6947ffae] CanDoAction of action AddExternalEvent failed.<br>
> > Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
> > 2014-12-11 14:52:33,765 ERROR<br>
> > [org.ovirt.engine.api.restapi.resource.AbstractBackendResource]<br>
> > (ajp--127.0.0.1-8702-7) Operation Failed: [User is not authorized to<br>
> > perform<br>
> > this action.]<br>
> > 2014-12-11 14:52:33,779 INFO<br>
> > [org.ovirt.engine.core.bll.aaa.LogoutBySessionCommand]<br>
> > (ajp--127.0.0.1-8702-7) [21c639e1] Running command: LogoutBySessionCommand<br>
> > internal: false.<br>
> > 2014-12-11 14:52:33,780 INFO<br>
> > [org.ovirt.engine.core.bll.aaa.LogoutUserCommand] (ajp--127.0.0.1-8702-7)<br>
> > [6de8f467] Running command: LogoutUserCommand internal: false.<br>
> > 2014-12-11 14:52:33,790 INFO<br>
> > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
> > (ajp--127.0.0.1-8702-7) [6de8f467] Correlation ID: 6de8f467, Call Stack:<br>
> > null, Custom Event ID: -1, Message: User admin logged out.<br>
> ><br>
> > Is this the expected behavior? Or is there anything i missed?<br>
<br>
</div></div>Is this a newly created 3.5 DB ???<br>
I suspect that maybe this is a result of 3.2 DB squashing work<br>
If this is an upgraded env please specify from and target versions<br>
<br>
Thanks<br>
<div class="HOEnZb"><div class="h5"><br>
> ><br>
> > thanks<br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > Users mailing list<br>
> > <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> > <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
> ><br>
><br>
</div></div></blockquote></div><br></div></div>