From: "Oved Ourfali" <ovedo(a)redhat.com>
To: "plysan" <plysab(a)gmail.com>, "Eli Mesika"
<emesika(a)redhat.com>
Cc: "Users(a)ovirt.org List" <users(a)ovirt.org>
Sent: Thursday, December 11, 2014 9:48:32 AM
Subject: Re: [ovirt-users] Problems while adding external event to ovirt
According to the log he is looking for the INJECT_EXTERNAL_EVENTS action
group, on the System.
I guess it means this action group isn't part of the SuperUser role.
Eli - you commit ecd7658c42b799d8632372de9fc6695a22705435 shows you added
this action group, but not added to the SuperUser role.
What was the reason for that?
I also don't see an option to add this action group to roles.
Maybe only the API supports creating a new custom role with this action
group.
Thanks,
Oved
----- Original Message -----
> From: "plysan" <plysab(a)gmail.com>
> To: "Users(a)ovirt.org List" <users(a)ovirt.org>
> Sent: Thursday, December 11, 2014 9:20:34 AM
> Subject: Re: [ovirt-users] Problems while adding external event to ovirt
>
> Oh, forgot the environment:
>
> ovirt-engine-backend-3.5.1-0.0.master.20141112062025.git2c24911.el6.noarch
> ovirt-engine-restapi-3.5.1-0.0.master.20141112062025.git2c24911.el6.noarch
>
> 2014-12-11 15:18 GMT+08:00 plysan < plysab(a)gmail.com > :
>
>
>
> Hi,
>
> When I try to add an external event to ovirt using curl, I get permission
> issue:
>
> $ curl -X POST --insecure -u admin@internal:abc123 -H "Content-Type:
> application/json"
https://192.168.3.226/ovirt-engine/api/events --data
>
'{"origin":"thirdParty","severity":"normal","custom_id":"123","description":"hello
> external event."}'
> <?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
> <fault>
> <reason>Operation Failed</reason>
> <detail>[User is not authorized to perform this action.]</detail>
> </fault>
>
> The engine.log says:
>
> 2014-12-11 14:52:33,725 INFO
> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
> (ajp--127.0.0.1-8702-7) Running command: LoginUserCommand internal: false.
> 2014-12-11 14:52:33,732 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
> Event
> ID: -1, Message: User admin logged in.
> 2014-12-11 14:52:33,750 INFO
> [org.ovirt.engine.core.bll.AddExternalEventCommand] (ajp--127.0.0.1-8702-7)
> [6947ffae] No permission found for user
> fdfc627c-d875-11e0-90f0-83df133b58cc
> or one of the groups he is member of, when running action AddExternalEvent,
> Required permissions are: Action type: ADMIN Action group:
> INJECT_EXTERNAL_EVENTS Object type: System Object ID:
> aaa00000-0000-0000-0000-123456789aaa.
> 2014-12-11 14:52:33,751 WARN
> [org.ovirt.engine.core.bll.AddExternalEventCommand] (ajp--127.0.0.1-8702-7)
> [6947ffae] CanDoAction of action AddExternalEvent failed.
> Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
> 2014-12-11 14:52:33,765 ERROR
> [org.ovirt.engine.api.restapi.resource.AbstractBackendResource]
> (ajp--127.0.0.1-8702-7) Operation Failed: [User is not authorized to
> perform
> this action.]
> 2014-12-11 14:52:33,779 INFO
> [org.ovirt.engine.core.bll.aaa.LogoutBySessionCommand]
> (ajp--127.0.0.1-8702-7) [21c639e1] Running command: LogoutBySessionCommand
> internal: false.
> 2014-12-11 14:52:33,780 INFO
> [org.ovirt.engine.core.bll.aaa.LogoutUserCommand] (ajp--127.0.0.1-8702-7)
> [6de8f467] Running command: LogoutUserCommand internal: false.
> 2014-12-11 14:52:33,790 INFO
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-7) [6de8f467] Correlation ID: 6de8f467, Call Stack:
> null, Custom Event ID: -1, Message: User admin logged out.
>
> Is this the expected behavior? Or is there anything i missed?
Is this a newly created 3.5 DB ???
I suspect that maybe this is a result of 3.2 DB squashing work
If this is an upgraded env please specify from and target versions
Thanks
>
> thanks
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
>