[ https://issues.apache.org/jira/browse/CLOUDSTACK-2078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Prachi Damle resolved CLOUDSTACK-2078. -------------------------------------- Resolution: Fixed > Anti-Affinity - Error messages when deploying Vm in affinity group /deleting > affinity group that does not belong to the user expose account Id and > affinity group Id. > --------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-2078 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2078 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server > Affects Versions: 4.2.0 > Environment: Build from master > Reporter: Sangeetha Hariharan > Assignee: Prachi Damle > Fix For: 4.2.0 > > > In the following scenarios , we expose affinity_group_id and account_id in > error messages. > 1. Error message when 1 regular user tries to delete affinity group that > belongs to other user by passing the uuid, We expose the affinity_group_id > and account_id in this error message. > 530 Error text: Acct[3-sangee] does not have permission to operate with > resource AffinityGroup[7|test-2|host anti-affinity] > > 2. Error message includes account Id when trying to deploy a Vm in a affinity > group name that does not belong to this account: > > Error message seen - { "deployvirtualmachineresponse" : > {"errorcode":431,"cserrorcode":4350,"errortext":"Unable to find group by name > sangee-1456 for account 2"} } > > 3. When trying to deploy a Vm in a affinity group that does not belong to > this account by passing affinitygroupids: > 2013-04-17 16:24:39,160 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) > ===START=== 10.217.252.128 -- GET command=deployVirtualMachin > e&zoneId=63fb31bd-de23-40d5-a710-4a6b922d153c&templateId=aa7c5240-a625-11e2-8627-06d4460004b1&hypervisor=XenServer&serviceOfferingId=8b3e4d > d8-f8ae-4e12-9551-604fbb6c6313&networkIds=40ae3118-1004-4616-96ee-bd42beb9b8e1&displayname=testnew15&name=testnew15&response=json&sessionke > y=mAdgavcYHN1AOy5Ox9a%2Fad%2B8Bt0%3D&affinitygroupids=6e2dac53-6e28-4fa9-aec8-c55719bef51e > 2013-04-17 16:24:39,167 DEBUG [cloud.api.ApiDispatcher] > (catalina-exec-8:null) InfrastructureEntity name > is:com.cloud.offering.ServiceOffer > ing > 2013-04-17 16:24:39,170 DEBUG [cloud.api.ApiDispatcher] > (catalina-exec-8:null) ControlledEntity name > is:com.cloud.template.VirtualMachineTe > mplate > 2013-04-17 16:24:39,172 DEBUG [cloud.api.ApiDispatcher] > (catalina-exec-8:null) ControlledEntity name is:com.cloud.network.Network > 2013-04-17 16:24:39,175 DEBUG [cloud.api.ApiDispatcher] > (catalina-exec-8:null) ControlledEntity name > is:org.apache.cloudstack.affinity.Affi > nityGroup > 2013-04-17 16:24:39,176 DEBUG [cloud.user.AccountManagerImpl] > (catalina-exec-8:null) Access to Acct[3-sangee] granted to Acct[3-sangee] by > DomainChecker_EnhancerByCloudStack_daf355b4 > 2013-04-17 16:24:39,177 DEBUG [cloud.user.AccountManagerImpl] > (catalina-exec-8:null) Access to Acct[3-sangee] granted to Acct[3-sangee] by > DomainChecker_EnhancerByCloudStack_daf355b4 > 2013-04-17 16:24:39,180 DEBUG [cloud.user.AccountManagerImpl] > (catalina-exec-8:null) Access to Ntwk[204|Guest|8] granted to Acct[3-sangee] > by DomainChecker_EnhancerByCloudStack_daf355b4 > 2013-04-17 16:24:39,181 DEBUG [cloud.user.AccountManagerImpl] > (catalina-exec-8:null) Access to Tmpl[5-VHD-centos56-x86_64-xen granted to Ac > ct[3-sangee] by DomainChecker_EnhancerByCloudStack_daf355b4 > 2013-04-17 16:24:39,182 INFO [cloud.api.ApiServer] (catalina-exec-8:null) > PermissionDenied: Acct[3-sangee] does not have permission to ope > rate with resource AffinityGroup[7|test-2|host anti-affinity] on uuids: [] > 2013-04-17 16:24:39,182 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) > ===END=== 10.217.252.128 -- GET command=deployVirtualMachine& > zoneId=63fb31bd-de23-40d5-a710-4a6b922d153c&templateId=aa7c5240-a625-11e2-8627-06d4460004b1&hypervisor=XenServer&serviceOfferingId=8b3e4dd8 > -f8ae-4e12-9551-604fbb6c6313&networkIds=40ae3118-1004-4616-96ee-bd42beb9b8e1&displayname=testnew15&name=testnew15&response=json&sessionkey= > mAdgavcYHN1AOy5Ox9a%2Fad%2B8Bt0%3D&affinitygroupids=6e2dac53-6e28-4fa9-aec8-c55719bef51e > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira