In my code below I create a user in the oVirt SDK via its CLI.

    UserUtils.addUser(engineHost, USER, "John12", "Doe12");
    UserUtils.setPassword(engineHost, USER, "abcdef");

I then create a Map of permissions for a new role

    Role addedRole = addRole(sysService, new RoleBuilder()
            .administrative(true)
            .name(expName)
            .description(expDescription)
            .permits(RoleUtils.createTestPermits(new ArrayList<>(expectedPermits.keySet())))
            .build());

And build the user with the same role.

    UserBuilder builder = new UserBuilder().userName(USER).lastName("Doe").name("John").domain(domainBuilder).roles(addedRole);

However, when I create my connection as follows...

    connection = ConnectionUtils.createConnection(engineUrl, USER + "@internal-authz", "abcdef");
    sysService = ConnectionUtils.getReferenceToSystemServices(connection);

It doesn't allow user login

    2020-03-09 16:12:04,686/GMT [main] ERROR framework (StepLogger.java:96:onTestFailure) -
    ------------------- Test failed UserRoleTest.testUserRole() @68d6972f [pri:0] -----
    org.ovirt.engine.sdk4.Error: Error during SSO authentication "access_denied" : "Cannot authenticate user 'a0e04eda-396c-46f1-9b4b-11d7c6@internal-authz': No valid profile f
        at org.ovirt.engine.sdk4.internal.HttpConnection.getAccessToken(HttpConnection.java:377)

Full code below. As you can see, the new role includes login permissions. If I go in as the admin user, I can see that while the role has been successfully added, it does not get assigned to the user.

    @Test(description = "Test role assigned to user")
    public void testUserRole() throws NoSuchFieldException, IllegalAccessException {
        // create the user and set its password via the CLI helpers
        UserUtils.addUser(engineHost, USER, "John12", "Doe12");
        UserUtils.setPassword(engineHost, USER, "abcdef");
        DomainBuilder domainBuilder = new DomainBuilder().id("696E7465726E616C2D617574687A").name("internal-authz");
        String typeName = "AAAA";
        String expName = typeName + OvirtCommonUtils.returnUniqueID("");
        String expDescription = "I am a new Test User";
        // permit id -> permit name
        Map<String,String> expectedPermits = new HashMap<>();
        sysService.rolesService().roleService("UserVmManager").get();
        expectedPermits.put("1", "create_Vm");
        expectedPermits.put("2", "delete_vm");
        expectedPermits.put("3", "edit_vm_properties");
        expectedPermits.put("5", "change_vm_cd");
        expectedPermits.put("7", "connect_to_vm");
        expectedPermits.put("9", "configure_vm_network");
        expectedPermits.put("10", "configure_vm_storage");
        expectedPermits.put("12", "manipulate_vm_snapshots");
        expectedPermits.put("1100", "create_disk");
        expectedPermits.put("1101", "attach_disk");
        expectedPermits.put("1102", "edit_disk_properties");
        expectedPermits.put("1104", "delete_disk");
        expectedPermits.put("502", "manipulate_permissions");
        expectedPermits.put("1300", "login");
        expectedPermits.put("503", "add_users_and_groups_from_directory");
        expectedPermits.put("17", "reboot_vm");
        expectedPermits.put("18", "stop_vm");
        expectedPermits.put("19", "shut_down_vm");
        expectedPermits.put("21", "hibernate_vm");
        expectedPermits.put("22", "run_vm");
        expectedPermits.put("1664", "connect_to_serial_console");
        expectedPermits.put("1668", "assign_cpu_profile");
        expectedPermits.put("1108", "sparsify_disk");
        expectedPermits.put("1109", "reduce_disk");
        expectedPermits.put("1110", "backup_disk");
        //create role
        Role addedRole = addRole(sysService, new RoleBuilder()
                .administrative(true)
                .name(expName)
                .description(expDescription)
                .permits(RoleUtils.createTestPermits(new ArrayList<>(expectedPermits.keySet())))
                .build());
        // user and permission builders
        UserBuilder builder = new UserBuilder().userName(USER).lastName("Doe").name("John").domain(domainBuilder).roles(addedRole);
        PermissionBuilder permissionBuilder = new PermissionBuilder().id("1").name("Do something").user(builder);
        // connect as the new user
        connection = ConnectionUtils.createConnection(engineUrl, USER + "@internal-authz", "abcdef");
        sysService = ConnectionUtils.getReferenceToSystemServices(connection);
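
An added example, not code from the original post: one way to bind a role to a user with the oVirt Java SDK 4 builders, by adding the user to the engine and then sending a Permission to the system permissions service. The engine URL, truststore file, environment variable names, class name and the `internal` login profile are assumptions.

```java
import static org.ovirt.engine.sdk4.ConnectionBuilder.connection;
import static org.ovirt.engine.sdk4.builders.Builders.domain;
import static org.ovirt.engine.sdk4.builders.Builders.permission;
import static org.ovirt.engine.sdk4.builders.Builders.role;
import static org.ovirt.engine.sdk4.builders.Builders.user;

import org.ovirt.engine.sdk4.Connection;
import org.ovirt.engine.sdk4.services.SystemService;
import org.ovirt.engine.sdk4.types.User;

public class AssignRoleToUser {
    // Placeholders (assumptions): engine URL, truststore, env var names.
    static final String URL = "https://engine.example.com/ovirt-engine/api";

    static Connection connect(String login, String passwordEnvVar) {
        return connection().url(URL).user(login)
            .password(System.getenv(passwordEnvVar))
            .trustStoreFile("truststore.jks").build();
    }

    public static void main(String[] args) throws Exception {
        String account = args[0];   // directory account that already has a password
        String roleName = args[1];  // name of the role that was added earlier
        Connection admin = connect("admin@internal", "OVIRT_ADMIN_PASSWORD");
        try {
            SystemService sys = admin.systemService();
            // 1. Register the directory account with the engine; the response carries its id.
            User added = sys.usersService().add()
                .user(user().userName(account + "@internal-authz")
                    .domain(domain().name("internal-authz")))
                .send().user();
            // 2. Bind role and user with a Permission, sent here at system scope.
            sys.permissionsService().add()
                .permission(permission().role(role().name(roleName))
                    .user(user().id(added.id())))
                .send();
        } finally {
            admin.close();
        }
        // 3. Check the grant by logging in as that user. Assumption: the login
        //    profile is named "internal", as in the default admin@internal account.
        Connection asUser = connect(account + "@internal", "OVIRT_USER_PASSWORD");
        try {
            asUser.systemService().get().send().api(); // fails if the login is denied
        } finally {
            asUser.close();
        }
    }
}
```

A permission added through the system permissions service applies system-wide; sending the same permission to an object's own permissions service (for example a VM's) limits the grant to that object.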