Permission issues when trying to migrate vm through the api (ovirt system tests)
--GZVR6ND4mMseVXL/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi everyone! I'm having some issues when trying to run the ovirt system tests from ovirt master branch, and I need some help from you guys. The issue is that when trying to migrate a vm through the api, I get the er= ror: RequestError:=20 status: 400 reason: Bad Request detail: User is not authorized to perform this action. That does not happen when doing the same through the ui, the vm is migrated correctly. The engine logs don't add much more details: 2016-04-18 06:04:15,393 INFO [org.ovirt.engine.core.bll.MigrateVmToServerC= ommand] (default task-15) [29237280] No permission found for user '0000001a= -001a-001a-001a-0000000002dd' or one of the groups he is member of, when ru= nning action 'MigrateVmToServer', Required permissions are: Action type: 'U= SER' Action group: 'CREATE_VM' Object type: 'Cluster' Object ID: 'null'. 2016-04-18 06:04:15,393 WARN [org.ovirt.engine.core.bll.MigrateVmToServerC= ommand] (default task-15) [29237280] Validation of action 'MigrateVmToServe= r' failed for user admin@internal-authz. Reasons: VAR__ACTION__MIGRATE,VAR_= _TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION 2016-04-18 06:04:15,413 ERROR [org.ovirt.engine.api.restapi.resource.Abstra= ctBackendResource] (default task-15) [] Operation Failed: [User is not auth= orized to perform this action.] Something that looks odd to me too, is that in the roles, when you edit the 'SuperUser' role (the one the admin user belongs to) there there's one permission missing, the 'VM->Provisioning Operations->Create Instance', and can't be added (it's greyed out), not sure if it's related though, I can pa= ss you a screenshot if you want. I can give you access to an environment where that happens and more details/logs/etc if you want to look deeper into it. Thanks! --=20 David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization R&D Tel.: +420 532 294 605 Email: dcaro@redhat.com IRC: dcaro|dcaroest@{freenode|oftc|redhat} Web: www.redhat.com RHT Global #: 82-62605 --GZVR6ND4mMseVXL/ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJXFLfJAAoJEEBxx+HSYmnDFA0H/Ar1wcZSNcu53zhrU74+7Eo7 wNUAJcP64yQxgT2Uda4MP4zD+ARsheOfA+MvPg7WuSQaXaoIyV1vkEFlfKb9UgZM Pp5Lu8Rd/hSrzvJay/iB0JDmYkxgsHeRrwJRS0T9FKJ7R9WDxu77UzDTLj3Q3IpP 8IO8B4QrE/ujWp0sOK8fns6WgaOmfF7/BWtLzt2SbBIGGfMj6gdPKItTb5nW0M01 Q176SWqd3Xfdi5IDoknKSGoR2BrIu2Lkv9JvScPqEewJZdBJQNPc3FuZwSycRzm8 bKnmdSJrabSMcNl7UeVyn6lciGhYjMAsro7OLXtiVNWXDpvyEHuQhaU/rGTsg18= =f6YE -----END PGP SIGNATURE----- --GZVR6ND4mMseVXL/--
On Mon, Apr 18, 2016 at 1:32 PM, David Caro <dcaro@redhat.com> wrote:
Hi everyone!
I'm having some issues when trying to run the ovirt system tests from ovirt master branch, and I need some help from you guys.
https://bugzilla.redhat.com/show_bug.cgi?id=1328011 Y.
The issue is that when trying to migrate a vm through the api, I get the error:
RequestError: status: 400 reason: Bad Request detail: User is not authorized to perform this action.
That does not happen when doing the same through the ui, the vm is migrated correctly.
The engine logs don't add much more details:
2016-04-18 06:04:15,393 INFO [org.ovirt.engine.core.bll.MigrateVmToServerCommand] (default task-15) [29237280] No permission found for user '0000001a-001a-001a-001a-0000000002dd' or one of the groups he is member of, when running action 'MigrateVmToServer', Required permissions are: Action type: 'USER' Action group: 'CREATE_VM' Object type: 'Cluster' Object ID: 'null'. 2016-04-18 06:04:15,393 WARN [org.ovirt.engine.core.bll.MigrateVmToServerCommand] (default task-15) [29237280] Validation of action 'MigrateVmToServer' failed for user admin@internal-authz. Reasons: VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION 2016-04-18 06:04:15,413 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-15) [] Operation Failed: [User is not authorized to perform this action.]
Something that looks odd to me too, is that in the roles, when you edit the 'SuperUser' role (the one the admin user belongs to) there there's one permission missing, the 'VM->Provisioning Operations->Create Instance', and can't be added (it's greyed out), not sure if it's related though, I can pass you a screenshot if you want.
I can give you access to an environment where that happens and more details/logs/etc if you want to look deeper into it.
Thanks!
-- David Caro
Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization R&D
Tel.: +420 532 294 605 Email: dcaro@redhat.com IRC: dcaro|dcaroest@{freenode|oftc|redhat} Web: www.redhat.com RHT Global #: 82-62605
On 18 Apr 2016, at 12:47, Yaniv Kaul <ykaul@redhat.com> wrote: =20 =20 =20 On Mon, Apr 18, 2016 at 1:32 PM, David Caro <dcaro@redhat.com = <mailto:dcaro@redhat.com>> wrote: =20 Hi everyone! =20 =20 I'm having some issues when trying to run the ovirt system tests from = ovirt master branch, and I need some help from you guys. =20 https://bugzilla.redhat.com/show_bug.cgi?id=3D1328011 = <https://bugzilla.redhat.com/show_bug.cgi?id=3D1328011> great, lago caught a regression!
Y. =20 =20 The issue is that when trying to migrate a vm through the api, I get =
--Apple-Mail=_9E69F5A7-F84E-44AC-8E24-8EA3723C9410 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii patch will be posted soon the error:
=20 RequestError: status: 400 reason: Bad Request detail: User is not authorized to perform this action. =20 =20 That does not happen when doing the same through the ui, the vm is = migrated correctly. =20 The engine logs don't add much more details: =20 2016-04-18 06:04:15,393 INFO = [org.ovirt.engine.core.bll.MigrateVmToServerCommand] (default task-15) = [29237280] No permission found for user = '0000001a-001a-001a-001a-0000000002dd' or one of the groups he is member = of, when running action 'MigrateVmToServer', Required permissions are: = Action type: 'USER' Action group: 'CREATE_VM' Object type: 'Cluster' = Object ID: 'null'. 2016-04-18 06:04:15,393 WARN = [org.ovirt.engine.core.bll.MigrateVmToServerCommand] (default task-15) = [29237280] Validation of action 'MigrateVmToServer' failed for user = admin@internal-authz. Reasons: = VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION 2016-04-18 06:04:15,413 ERROR = [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default = task-15) [] Operation Failed: [User is not authorized to perform this = action.] =20 =20 Something that looks odd to me too, is that in the roles, when you = edit the 'SuperUser' role (the one the admin user belongs to) there there's one permission missing, the 'VM->Provisioning Operations->Create = Instance', and can't be added (it's greyed out), not sure if it's related though, I = can pass you a screenshot if you want. =20 =20 I can give you access to an environment where that happens and more details/logs/etc if you want to look deeper into it. =20 =20 Thanks! =20 =20 -- David Caro =20 Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization R&D =20 Tel.: +420 532 294 605 <tel:%2B420%20532%20294%20605> Email: dcaro@redhat.com <mailto:dcaro@redhat.com> IRC: dcaro|dcaroest@{freenode|oftc|redhat} Web: www.redhat.com <http://www.redhat.com/> RHT Global #: 82-62605 =20 _______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
--Apple-Mail=_9E69F5A7-F84E-44AC-8E24-8EA3723C9410 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 18 Apr 2016, at 12:47, Yaniv Kaul <<a href="mailto:ykaul@redhat.com" class="">ykaul@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><br class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">On Mon, Apr 18, 2016 at 1:32 PM, David Caro <span dir="ltr" class=""><<a href="mailto:dcaro@redhat.com" target="_blank" class="">dcaro@redhat.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><br class=""> Hi everyone!<br class=""> <br class=""> <br class=""> I'm having some issues when trying to run the ovirt system tests from ovirt<br class=""> master branch, and I need some help from you guys.<br class=""></blockquote><div class=""><br class=""></div><div class=""><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1328011" class="">https://bugzilla.redhat.com/show_bug.cgi?id=1328011</a></div></div></div></div></div></blockquote><div><br class=""></div>great, lago caught a regression!</div><div>patch will be posted soon</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><div class="">Y.</div><div class=""> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> <br class=""> The issue is that when trying to migrate a vm through the api, I get the error:<br class=""> <br class=""> RequestError:<br class=""> status: 400<br class=""> reason: Bad Request<br class=""> detail: User is not authorized to perform this action.<br class=""> <br class=""> <br class=""> That does not happen when doing the same through the ui, the vm is migrated<br class=""> correctly.<br class=""> <br class=""> The engine logs don't add much more details:<br class=""> <br class=""> 2016-04-18 06:04:15,393 INFO [org.ovirt.engine.core.bll.MigrateVmToServerCommand] (default task-15) [29237280] No permission found for user '0000001a-001a-001a-001a-0000000002dd' or one of the groups he is member of, when running action 'MigrateVmToServer', Required permissions are: Action type: 'USER' Action group: 'CREATE_VM' Object type: 'Cluster' Object ID: 'null'.<br class=""> 2016-04-18 06:04:15,393 WARN [org.ovirt.engine.core.bll.MigrateVmToServerCommand] (default task-15) [29237280] Validation of action 'MigrateVmToServer' failed for user admin@internal-authz. Reasons: VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br class=""> 2016-04-18 06:04:15,413 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-15) [] Operation Failed: [User is not authorized to perform this action.]<br class=""> <br class=""> <br class=""> Something that looks odd to me too, is that in the roles, when you edit the<br class=""> 'SuperUser' role (the one the admin user belongs to) there there's one<br class=""> permission missing, the 'VM->Provisioning Operations->Create Instance', and<br class=""> can't be added (it's greyed out), not sure if it's related though, I can pass<br class=""> you a screenshot if you want.<br class=""> <br class=""> <br class=""> I can give you access to an environment where that happens and more<br class=""> details/logs/etc if you want to look deeper into it.<br class=""> <br class=""> <br class=""> Thanks!<br class=""> <span class=""><font color="#888888" class=""><br class=""> <br class=""> --<br class=""> David Caro<br class=""> <br class=""> Red Hat S.L.<br class=""> Continuous Integration Engineer - EMEA ENG Virtualization R&D<br class=""> <br class=""> Tel.: <a href="tel:%2B420%20532%20294%20605" value="+420532294605" class="">+420 532 294 605</a><br class=""> Email: <a href="mailto:dcaro@redhat.com" class="">dcaro@redhat.com</a><br class=""> IRC: dcaro|dcaroest@{freenode|oftc|redhat}<br class=""> Web: <a href="http://www.redhat.com/" rel="noreferrer" target="_blank" class="">www.redhat.com</a><br class=""> RHT Global #: 82-62605<br class=""> </font></span></blockquote></div><br class=""></div></div> _______________________________________________<br class="">Devel mailing list<br class=""><a href="mailto:Devel@ovirt.org" class="">Devel@ovirt.org</a><br class="">http://lists.ovirt.org/mailman/listinfo/devel</div></blockquote></div><br class=""></body></html> --Apple-Mail=_9E69F5A7-F84E-44AC-8E24-8EA3723C9410--
On Mon, Apr 18, 2016 at 2:51 PM, Michal Skrivanek < michal.skrivanek@redhat.com> wrote:
On 18 Apr 2016, at 12:47, Yaniv Kaul <ykaul@redhat.com> wrote:
On Mon, Apr 18, 2016 at 1:32 PM, David Caro <dcaro@redhat.com> wrote:
Hi everyone!
I'm having some issues when trying to run the ovirt system tests from ovirt master branch, and I need some help from you guys.
https://bugzilla.redhat.com/show_bug.cgi?id=1328011
great, lago caught a regression!
In the past it caught many regressions also in 3.6 :-)
patch will be posted soon
Y.
The issue is that when trying to migrate a vm through the api, I get the error:
RequestError: status: 400 reason: Bad Request detail: User is not authorized to perform this action.
That does not happen when doing the same through the ui, the vm is migrated correctly.
The engine logs don't add much more details:
2016-04-18 06:04:15,393 INFO [org.ovirt.engine.core.bll.MigrateVmToServerCommand] (default task-15) [29237280] No permission found for user '0000001a-001a-001a-001a-0000000002dd' or one of the groups he is member of, when running action 'MigrateVmToServer', Required permissions are: Action type: 'USER' Action group: 'CREATE_VM' Object type: 'Cluster' Object ID: 'null'. 2016-04-18 06:04:15,393 WARN [org.ovirt.engine.core.bll.MigrateVmToServerCommand] (default task-15) [29237280] Validation of action 'MigrateVmToServer' failed for user admin@internal-authz. Reasons: VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION 2016-04-18 06:04:15,413 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-15) [] Operation Failed: [User is not authorized to perform this action.]
Something that looks odd to me too, is that in the roles, when you edit the 'SuperUser' role (the one the admin user belongs to) there there's one permission missing, the 'VM->Provisioning Operations->Create Instance', and can't be added (it's greyed out), not sure if it's related though, I can pass you a screenshot if you want.
I can give you access to an environment where that happens and more details/logs/etc if you want to look deeper into it.
Thanks!
-- David Caro
Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization R&D
Tel.: +420 532 294 605 Email: dcaro@redhat.com IRC: dcaro|dcaroest@{freenode|oftc|redhat} Web: www.redhat.com RHT Global #: 82-62605
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
participants (4)
-
David Caro -
Michal Skrivanek -
Oved Ourfali -
Yaniv Kaul