Bug #6835

closed

Unable to use RHEV/ovirt without admin permissions on the rhev cluster

Added by Dominic Cleal almost 10 years ago. Updated about 8 years ago.

Status: Rejected
Priority: Normal
Assignee:
Category: Compute resources - oVirt
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1123676
Description of problem:
When trying to create a RHEV compute resource with a non-admin RHEV user, the following error occurs:

"query execution failed due to insufficient permissions."

The reason for this is that RHEV needs to be called with 'Filter: true' headers
for the API to work correctly with a non-admin user.

The rbovirt client library supports specifying the filtered_api option, but fog and foreman don't have support for that.

https://github.com/abenari/rbovirt/blob/a7c277e3fc5698e55e95a9432997b1a9c8d486ae/lib/rbovirt.rb#L54-L55

Actions #1

Updated by Dominic Cleal almost 10 years ago

  • Category set to Compute resources - oVirt
  • Assignee deleted (Dominic Cleal)
Actions #2

Updated by Tom Caspy over 9 years ago

Added a pull request to the fog gem: https://github.com/fog/fog/pull/3393

Actions #3

Updated by Ohad Levy almost 9 years ago

The Fog PR was merged a while ago.

Actions #4

Updated by Jorick Astrego over 8 years ago

It appears it still doesn't get set in:

foreman-ovirt-1.9.2-1.el6.noarch
ruby193-rubygem-rbovirt-0.0.35-1.el6.noarch

I'll continue on the foreman list from now on.

2015-11-02 10:29:17,126 DEBUG [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-9) Found permission fbcb73a0-226e-49d4-9e7a-01c665127a07 for user when running LoginUser, on Bottom with id bbb00000-0000-0000-0000-123456789bbb
2015-11-02 10:29:17,128 DEBUG [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-9) Checking if user testuser is an admin, result false
2015-11-02 10:29:17,129 INFO [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-9) Running command: LoginUserCommand(LoginName = null, ProfileName = netbulae.test, AuthRecord = {Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=testuser}, IsAdmin = false, ActionType = LoginUser, AuthType = CREDENTIALS) internal: false.
2015-11-02 10:29:17,132 TRACE [org.ovirt.engine.core.bll.GetConfigurationValueQuery] (ajp--127.0.0.1-8702-9) START, GetConfigurationValueQuery(version: general, configuration value: ApplicationMode, refresh: false, filtered: false), log id: 438b23b5
2015-11-02 10:29:17,134 TRACE [org.ovirt.engine.core.bll.GetConfigurationValueQuery] (ajp--127.0.0.1-8702-9) FINISH, GetConfigurationValueQuery, log id: 438b23b5
2015-11-02 10:29:17,134 TRACE [org.ovirt.engine.core.bll.aaa.GetValueBySessionQuery] (ajp--127.0.0.1-8702-9) START, GetValueBySessionQuery(refresh: false, filtered: false), log id: 63d562b7
2015-11-02 10:29:17,135 TRACE [org.ovirt.engine.core.bll.aaa.GetValueBySessionQuery] (ajp--127.0.0.1-8702-9) FINISH, GetValueBySessionQuery, log id: 63d562b7
2015-11-02 10:29:17,136 TRACE [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-9) START, SearchQuery(search type: StoragePool, search pattern: [Datacenter : ], case sensitive: true [from: 0, max: -1] refresh: true, filtered: false), log id: 4e440f95
2015-11-02 10:29:17,138 ERROR [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-9) Query execution failed due to insufficient permissions.
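
A triage sketch for the failure shown in the log above, added here as an example and not part of the original comment or of Foreman, fog or oVirt: it correlates engine.log lines by worker thread and reports non-admin logins whose query ran with `filtered: false` and was then denied. The sample log is constructed in the format quoted above (users other than testuser, the extra thread names and the shortened query arguments are made up), and the method name `unfiltered_denials` is hypothetical.

```ruby
# Added example: find non-admin oVirt/RHEV API sessions that were denied
# because the query ran unfiltered (client did not send "Filter: true").
LINE   = /^(?<ts>\S+ \S+) +(?<level>[A-Z]+) +\[(?<logger>[^\]]+)\] \((?<thread>[^)]+)\) (?<msg>.*)$/
LOGIN  = /Checking if user (?<user>\S+) is an admin, result (?<admin>true|false)/
QUERY  = /START, (?<query>\w+)\(.*filtered: (?<filtered>true|false)\)/
DENIED = /insufficient permissions/i

# Constructed sample in the engine.log format quoted in the comment above.
SAMPLE_LOG = <<~LOG
  2015-11-02 10:29:17,128 DEBUG [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-9) Checking if user testuser is an admin, result false
  2015-11-02 10:29:17,136 TRACE [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-9) START, SearchQuery(search type: StoragePool, refresh: true, filtered: false), log id: 4e440f95
  2015-11-02 10:29:17,138 ERROR [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-9) Query execution failed due to insufficient permissions.
  2015-11-02 10:30:01,010 DEBUG [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-3) Checking if user svc-example is an admin, result false
  2015-11-02 10:30:01,020 TRACE [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-3) START, SearchQuery(search type: StoragePool, refresh: true, filtered: true), log id: 00000001
  2015-11-02 10:31:00,500 DEBUG [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-5) Checking if user admin-example is an admin, result true
  2015-11-02 10:31:00,510 TRACE [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-5) START, SearchQuery(search type: StoragePool, refresh: true, filtered: false), log id: 00000002
LOG

def unfiltered_denials(log_text)
  sessions = {} # worker thread name => state of the request it is serving
  findings = []
  log_text.each_line do |raw|
    m = LINE.match(raw.chomp) or next # skip lines that are not engine.log records
    state = sessions[m[:thread]]
    if (login = LOGIN.match(m[:msg]))
      # Worker threads are pooled, so each admin check starts a fresh state.
      sessions[m[:thread]] = { user: login[:user], admin: login[:admin] == 'true' }
    elsif state && (q = QUERY.match(m[:msg]))
      state[:query] = q[:query]
      state[:filtered] = q[:filtered] == 'true'
    elsif state && m[:level] == 'ERROR' && DENIED.match?(m[:msg])
      # Report only when a non-admin's last query was explicitly unfiltered.
      next if state[:admin] || state[:filtered] != false
      findings << { time: m[:ts], user: state[:user], query: state[:query] }
    end
  end
  findings
end

unfiltered_denials(SAMPLE_LOG).each do |f|
  puts "#{f[:time]} #{f[:user]}: #{f[:query]} denied, unfiltered query as non-admin"
end
```
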
Actions #5

Updated by The Foreman Bot about 8 years ago

  • Assignee set to Marek Hulán
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3288 added
Actions #6

Updated by Ohad Levy about 8 years ago

  • Bugzilla link changed from 1123676 to 1203670
Actions #7

Updated by Ohad Levy about 8 years ago

  • Bugzilla link changed from 1203670 to 1123676
Actions #8

Updated by Dominic Cleal about 8 years ago

  • Status changed from Ready For Testing to Rejected

PR closed in favour of documenting required permissions. Please consider sending a PR to theforeman.org, section 5.2.7 mirroring the one in the VMware section 5.2.9.
