[ https://issues.apache.org/jira/browse/CLOUDSTACK-1418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13587807#comment-13587807 ]
Prachi Damle commented on CLOUDSTACK-1418:
------------------------------------------

Sangeetha, please can you add the zone details too?

> As regular user, we are not allowed to deploy VM on a shared network.
> -----------------------------------------------------------------------
>
> Key: CLOUDSTACK-1418
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1418
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Management Server
> Affects Versions: 4.1.0
> Environment: Build from 4.1 branch built on 2/26
> Reporter: Sangeetha Hariharan
> Assignee: Prachi Damle
> Priority: Critical
> Fix For: 4.1.0
>
>
> Steps to reproduce the problem:
> Create a shared network with acltype set to "domain".
> 2013-02-26 13:56:24,335 INFO [cloud.api.ApiServer] (catalina-exec-24:null) (userId=2 accountId=2 sessionId=029D24A96FE3B77FBC2C31873D09B594) 10.216.50.206 -- GET command=createNetwork&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&networkOfferingId=b6434ba6-7a43-4504-be22-3903279f59ef&physicalnetworkid=2388ee68-2aa8-4a1b-99e2-6f0fa869c145&name=test1362&displayText=test1362&vlan=1362&acltype=domain&ip6gateway=FC00:3:1362::1&ip6cidr=FC00:3:1362::1/64&startipv6=FC00:3:1362::2&endipv6=FC00:3:1362::FFFF:FFFF:FFFF:FFFF&networkdomain=hello1362&response=json&sessionkey=3fceZn%2B25ajs1zG25XlIYoX1zX0%3D 200 { "createnetworkresponse" : { "network" : {"id":"c07d47d0-4842-40d8-a834-084bd6fdae6c","name":"test1362","displaytext":"test1362","broadcastdomaintype":"Vlan","traffictype":"Guest","zoneid":"755b2735-6bb2-4778-a37b-f96a8f66a571","zonename":"Zone1","networkofferingid":"b6434ba6-7a43-4504-be22-3903279f59ef","networkofferingname":"DefaultSharedNetworkOffering","networkofferingdisplaytext":"Offering for Shared networks","networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"c07d47d0-4842-40d8-a834-084bd6fdae6c","broadcasturi":"vlan://1362","dns1":"72.52.126.11","dns2":"72.52.126.12","type":"Shared","vlan":"1362","acltype":"Domain","subdomainaccess":true,"domainid":"43233dde-8055-11e2-89d9-06d4460004b1","domain":"ROOT","service":[{"name":"Dhcp"},{"name":"UserData"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]}],"networkdomain":"hello1362","physicalnetworkid":"2388ee68-2aa8-4a1b-99e2-6f0fa869c145","restartrequired":false,"specifyipranges":true,"canusefordeploy":true,"ispersistent":false,"tags":[],"ip6gateway":"fc00:3:1362::1","ip6cidr":"fc00:3:1362::1/64"} } }
> As regular user, deploy a Vm on the above created network.
> It fails with following error message "Acct[3-Test] does not have permission to operate with resource Ntwk[205|Guest|7"
> 2013-02-26 16:18:37,046 INFO [cloud.api.ApiServer] (catalina-exec-17:null) (userId=3 accountId=3 sessionId=DD6AECB69D1A73F24283429400180430) 10.216.50.206 -- GET command=deployVirtualMachine&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460 531 Acct[3-Test] does not have permission to operate with resource Ntwk[205|Guest|7]
> Management.log
> 2013-02-26 16:18:37,032 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START=== 10.216.50.206 -- GET command=deployVirtualMachine&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
> 2013-02-26 16:18:37,037 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) InfrastructureEntity name is:com.cloud.offering.ServiceOffering
> 2013-02-26 16:18:37,037 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) ControlledEntity name is:com.cloud.template.VirtualMachineTemplate
> 2013-02-26 16:18:37,039 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-17:null) ControlledEntity name is:com.cloud.network.Network
> 2013-02-26 16:18:37,041 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
> 2013-02-26 16:18:37,042 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
> 2013-02-26 16:18:37,044 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Tmpl[202-QCOW2-202-2-954c72e3-d894-34df-8cd5-1752479b13a0 granted to Acct[3-Test] by DomainChecker
> 2013-02-26 16:18:37,045 INFO [cloud.api.ApiServer] (catalina-exec-17:null) PermissionDenied: Acct[3-Test] does not have permission to operate with resource Ntwk[205|Guest|7] on uuids: []
> 2013-02-26 16:18:37,046 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END=== 10.216.50.206 -- GET command=deployVirtualMachine&zoneId=755b2735-6bb2-4778-a37b-f96a8f66a571&templateId=833bf05d-9d5f-43c3-a41b-2d47bcfc86f1&hypervisor=KVM&serviceOfferingId=2d348f5a-b4ab-48de-ad69-b6a7b47a9b10&networkIds=c07d47d0-4842-40d8-a834-084bd6fdae6c&displayname=test-new&name=test-new&response=json&sessionkey=U0LElYpYxOaLEYbuX2%2BQ8PFgQxc%3D&_=1361924326460
> DB entries:
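
For triaging a report like this one, the following added example (not part of the original message and not CloudStack code) rebuilds, per worker thread, which access checks were granted before a PermissionDenied in the management-log format quoted above. The sample lines are adapted from the quoted excerpt with request URLs shortened; all function and pattern names are illustrative.

```python
import re

# Constructed sample: lines adapted from the Management.log excerpt quoted
# above, with wrapped fragments rejoined and request URLs shortened.
SAMPLE_LOG = """\
2013-02-26 16:18:37,032 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START=== 10.216.50.206 -- GET command=deployVirtualMachine&response=json
2013-02-26 16:18:37,041 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Acct[3-Test] granted to Acct[3-Test] by DomainChecker
2013-02-26 16:18:37,044 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Tmpl[202-QCOW2-202-2-954c72e3-d894-34df-8cd5-1752479b13a0 granted to Acct[3-Test] by DomainChecker
2013-02-26 16:18:37,045 INFO [cloud.api.ApiServer] (catalina-exec-17:null) PermissionDenied: Acct[3-Test] does not have permission to operate with resource Ntwk[205|Guest|7] on uuids: []
2013-02-26 16:18:37,046 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END=== 10.216.50.206 -- GET command=deployVirtualMachine&response=json
"""

# timestamp, level, [logger], (thread:job), message
LINE = re.compile(r"^(\S+ \S+) +\w+ +\[[\w.]+\] +\(([^:)]+):[^)]*\) +(.*)$")
GRANT = re.compile(r"Access to (\S+) granted to (\S+) by (\w+)")
DENY = re.compile(r"PermissionDenied: (\S+) does not have permission "
                  r"to operate with resource (\S+)")
CMD = re.compile(r"command=(\w+)")


def trace_requests(log_text):
    """Return one record per request: command, granted checks, denial (if any)."""
    open_reqs, finished = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, thread, msg = m.groups()
        if msg.startswith("===START==="):
            cmd = CMD.search(msg)
            open_reqs[thread] = {"start": ts, "granted": [], "denied": None,
                                 "command": cmd.group(1) if cmd else None}
            continue
        req = open_reqs.get(thread)
        if req is None:
            continue  # line belongs to a request whose START was not captured
        grant, deny = GRANT.search(msg), DENY.search(msg)
        if grant:
            req["granted"].append(grant.groups())  # (resource, caller, checker)
        elif deny:
            req["denied"] = deny.groups()          # (caller, resource)
        elif msg.startswith("===END==="):
            finished.append(open_reqs.pop(thread))
    return finished


def denied_requests(log_text):
    """Only the requests that ended in PermissionDenied."""
    return [r for r in trace_requests(log_text) if r["denied"]]


if __name__ == "__main__":
    for r in denied_requests(SAMPLE_LOG):
        print(r["start"], r["command"], "denied:", r["denied"], "after", r["granted"])
```

On the quoted excerpt this shows the account and template checks passing through DomainChecker and the denial landing on the network entity, which narrows the investigation to the ACL evaluation for the domain-scoped shared network.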