[jira] [Reopened] (CLOUDSTACK-5578) KVM - Network down - When the host looses network connectivity , it is not able to fence itself.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-5578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan reopened CLOUDSTACK-5578: - Hi Kishan, This is a problem that KVM host is not able to reboot itself which is the expected behavior. The host is attempting to reboot which fails . Is it possible to make the host forcefully reboot in such cases? Thanks Sangeetha > KVM - Network down - When the host looses network connectivity , it is not > able to fence itself. > > > Key: CLOUDSTACK-5578 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5578 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.2.0 > Environment: Build from 4.3 >Reporter: Sangeetha Hariharan >Assignee: Kishan Kavala >Priority: Critical > Fix For: 4.5.0 > > Attachments: DisconnectedHost.png, kvm-hostdisconnect.rar > > > KVM - Network down - When the host looses network connectivity , it is not > able to fence itself. > Steps to reproduce the problem: > Set up - Advanced zone with 2 Rhel 6.3 hosts in cluster. > Deploy ~10 Vms. > Simulate network disconnect on the host ( ifdown em1) > Host gets marked as "Down" and all the Vms gets HA-ed to the other host. > On the KVM host which lost connectivity , attempt to shutdown itself fails. > It was not able to umount the primary store. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7891) Fix failure in integration.component.test_escalations_instances.TestInstances/test_15_revert_vm_to_snapshot.
Sangeetha Hariharan created CLOUDSTACK-7891: --- Summary: Fix failure in integration.component.test_escalations_instances.TestInstances/test_15_revert_vm_to_snapshot. Key: CLOUDSTACK-7891 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7891 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Test Reporter: Sangeetha Hariharan Fix failure in integration.component.test_escalations_instances.TestInstances/test_15_revert_vm_to_snapshot. Following exception seen when this test case is executed: Disallowed failure integration.component.test_escalations_instances.TestInstances/test_15_revert_vm_to_snapshot: RevertToVMSnapshotCmd failed: VM Snapshot revert not allowed. This will result in VM state change. You can revert running VM to disk and memor -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CLOUDSTACK-7772) [Automation] - Fix test failure for integration.component.test_escalations_instances.TestInstances.test_15_revert_vm_to_snapshot
[
https://issues.apache.org/jira/browse/CLOUDSTACK-7772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan updated CLOUDSTACK-7772:
Summary: [Automation] - Fix test failure for
integration.component.test_escalations_instances.TestInstances.test_15_revert_vm_to_snapshot
(was: [Automation] - Fix test failure for
ntegration.component.test_escalations_instances.TestInstances.test_15_revert_vm_to_snapshot)
> [Automation] - Fix test failure for
> integration.component.test_escalations_instances.TestInstances.test_15_revert_vm_to_snapshot
> -
>
> Key: CLOUDSTACK-7772
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7772
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Environment: Build from master
>Reporter: Sangeetha Hariharan
>
> Fix test failure for
> integration.component.test_escalations_instances.TestInstances.test_15_revert_vm_to_snapshot.
> reverting snapshot fails with following exception:
> Job failed: {jobprocstatus : 0, created : u'2014-10-22T08:43:54+', cmd :
> u'org.apache.cloudstack.api.command.user.vmsnapshot.RevertToVMSnapshotCmd',
> userid : u'507aefe6-8aae-49c3-974d-30a45c5bc79d', jobstatus : 2, jobid :
> u'51d73ace-1e7a-425d-b17d-05d675bbfe01', jobresultcode : 530, jobresulttype :
> u'object', jobresult : {errorcode : 530, errortext : u'VM Snapshot revert not
> allowed. This will result in VM state change. You can revert running VM to
> disk and memory type snapshot and stopped VM to disk type snapshot'},
> accountid : u'ae6ef7e5-217f-494e-857d-ecd53653faf9'}
> Root cause is CS does not support for reverting Vms in "Running" state to a
> diskonly snapshot.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7772) [Automation] - Fix test failure for ntegration.component.test_escalations_instances.TestInstances.test_15_revert_vm_to_snapshot
Sangeetha Hariharan created CLOUDSTACK-7772:
---
Summary: [Automation] - Fix test failure for
ntegration.component.test_escalations_instances.TestInstances.test_15_revert_vm_to_snapshot
Key: CLOUDSTACK-7772
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7772
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Environment: Build from master
Reporter: Sangeetha Hariharan
Fix test failure for
integration.component.test_escalations_instances.TestInstances.test_15_revert_vm_to_snapshot.
reverting snapshot fails with following exception:
Job failed: {jobprocstatus : 0, created : u'2014-10-22T08:43:54+', cmd :
u'org.apache.cloudstack.api.command.user.vmsnapshot.RevertToVMSnapshotCmd',
userid : u'507aefe6-8aae-49c3-974d-30a45c5bc79d', jobstatus : 2, jobid :
u'51d73ace-1e7a-425d-b17d-05d675bbfe01', jobresultcode : 530, jobresulttype :
u'object', jobresult : {errorcode : 530, errortext : u'VM Snapshot revert not
allowed. This will result in VM state change. You can revert running VM to disk
and memory type snapshot and stopped VM to disk type snapshot'}, accountid :
u'ae6ef7e5-217f-494e-857d-ecd53653faf9'}
Root cause is CS does not support for reverting Vms in "Running" state to a
diskonly snapshot.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7762) [Automation] - Fix test failure for test_02_revert_vm_snapshots in smoke/test_vm_snapshots.py
Sangeetha Hariharan created CLOUDSTACK-7762:
---
Summary: [Automation] - Fix test failure for
test_02_revert_vm_snapshots in smoke/test_vm_snapshots.py
Key: CLOUDSTACK-7762
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7762
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Test
Affects Versions: 4.5.0
Environment: Build from master
Reporter: Sangeetha Hariharan
Fix For: 4.5.0
test_02_revert_vm_snapshots in smoke/test_vm_snapshots.py fails in BVT runs
with the following exception:
2014-10-20 16:41:00,497 INFO [o.a.c.f.j.i.AsyncJobMonitor]
(API-Job-Executor-120:ctx-83b738d9 job-459) Add job-459 into job monitoring
2014-10-20 16:41:00,497 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(API-Job-Executor-120:ctx-83b738d9 job-459) Executing AsyncJobVO {id:459,
userId: 2, accountId: 2, instanceType: None, instanceId: null, cmd:
org.apache.cloudstack.api.command.admin.vmsnapshot.RevertToVMSnapshotCmdByAdmin,
cmdInfo:
{"response":"json","ctxDetails":"{\"com.cloud.vm.snapshot.VMSnapshot\":\"12280973-a1e4-43e3-80b3-3afacd607909\"}","cmdEventType":"VMSNAPSHOT.REVERTTO","ctxUserId":"2","httpmethod":"GET","vmsnapshotid":"12280973-a1e4-43e3-80b3-3afacd607909","ctxAccountId":"2","ctxStartEventId":"1406","apiKey":"aJwkScf5ziRwz8gKQ9HB0Ce6hSsTJTUtmUDUQ_U2teV3vVmuLQRLad8xqAgr7CrFOEQbywdVpKSt2yC_ORXLYg","signature":"cYBxgg8eBfktovmCaHYox2xoTE8\u003d"},
cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result:
null, initMsid: 11489258594360, completeMsid: null, lastUpdated: null,
lastPolled: null, created: null}
2014-10-20 16:41:00,529 ERROR [c.c.a.ApiAsyncJobDispatcher]
(API-Job-Executor-120:ctx-83b738d9 job-459) Unexpected exception while
executing
org.apache.cloudstack.api.command.admin.vmsnapshot.RevertToVMSnapshotCmdByAdmin
com.cloud.exception.InvalidParameterValueException: VM Snapshot revert not
allowed. This will result in VM state change. You can revert running VM to disk
and memory type snapshot and stopped VM to disk type snapshot
at
com.cloud.vm.snapshot.VMSnapshotManagerImpl.revertToSnapshot(VMSnapshotManagerImpl.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CLOUDSTACK-7746) Baremetal related script erros seen on router console
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7746: Assignee: (was: Rayees Namathponnan) > Baremetal related script erros seen on router console > - > > Key: CLOUDSTACK-7746 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7746 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.5.0 > Environment: Build from master >Reporter: Sangeetha Hariharan >Priority: Critical > Fix For: 4.5.0 > > Attachments: router.png > > > Baremetal related script erros seen on router console. > Advanced zone set up with 3 xenserver hosts in a cluster. > When logging into the console view of router , following script errors are > seen: > /opt/cloud/bin/baremetal-vr.py:159: SyntaxWarning : name 'server' is assigned > to before glocal declaration. .. > Attached is the screen shot -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (CLOUDSTACK-7746) Baremetal related script erros seen on router console
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan reassigned CLOUDSTACK-7746: --- Assignee: Rayees Namathponnan > Baremetal related script erros seen on router console > - > > Key: CLOUDSTACK-7746 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7746 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.5.0 > Environment: Build from master >Reporter: Sangeetha Hariharan >Assignee: Rayees Namathponnan >Priority: Critical > Fix For: 4.5.0 > > Attachments: router.png > > > Baremetal related script erros seen on router console. > Advanced zone set up with 3 xenserver hosts in a cluster. > When logging into the console view of router , following script errors are > seen: > /opt/cloud/bin/baremetal-vr.py:159: SyntaxWarning : name 'server' is assigned > to before glocal declaration. .. > Attached is the screen shot -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CLOUDSTACK-7746) Baremetal related script erros seen on router console
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7746: Attachment: router.png > Baremetal related script erros seen on router console > - > > Key: CLOUDSTACK-7746 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7746 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.5.0 > Environment: Build from master >Reporter: Sangeetha Hariharan >Priority: Critical > Fix For: 4.5.0 > > Attachments: router.png > > > Baremetal related script erros seen on router console. > Advanced zone set up with 3 xenserver hosts in a cluster. > When logging into the console view of router , following script errors are > seen: > /opt/cloud/bin/baremetal-vr.py:159: SyntaxWarning : name 'server' is assigned > to before glocal declaration. .. > Attached is the screen shot -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7746) Baremetal related script erros seen on router console
Sangeetha Hariharan created CLOUDSTACK-7746: --- Summary: Baremetal related script erros seen on router console Key: CLOUDSTACK-7746 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7746 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.5.0 Environment: Build from master Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.5.0 Baremetal related script erros seen on router console. Advanced zone set up with 3 xenserver hosts in a cluster. When logging into the console view of router , following script errors are seen: /opt/cloud/bin/baremetal-vr.py:159: SyntaxWarning : name 'server' is assigned to before glocal declaration. .. Attached is the screen shot -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CLOUDSTACK-7742) Xenserver HA - SSVM failing to start since it is running out of management ip address
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7742: Description: HA - SSVM failing to start since it is running out of management ip address Set up: Cluster with 3 Xenserver hosts. I am executing host HA scenarios where host is being brought down ( or simulating contol path network failure / storage network failure). After couple of such scenarios , i see that the SSVM fails to start as part of HA the reason being running out of management nic: management server logs: 014-10-16 12:15:44,311 DEBUG [c.c.u.d.T.Transaction] (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) Rolling back the transaction: Time = 1 Name = Work-Job-Executor-106; called by -TransactionLegacy.rollback:902-DataCenterIpAddressDaoImpl.takeIpAddress:61-GeneratedMethodAccessor493.invoke:-1-DelegatingMethodAccessorImpl.invoke:43-Method.invoke:606-AopUtils.invokeJoinpointUsingReflection:317-ReflectiveMethodInvocation.invokeJoinpoint:183-ReflectiveMethodInvocation.proceed:150-TransactionContextInterceptor.invoke:34-ReflectiveMethodInvocation.proceed:161-ExposeInvocationInterceptor.invoke:91-ReflectiveMethodInvocation.proceed:172 2014-10-16 12:15:44,312 INFO [c.c.v.VirtualMachineManagerImpl] (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) Insufficient capacity com.cloud.exception.InsufficientAddressCapacityException: Unable to get a management ip addressScope=interface com.cloud.dc.Pod; id=1 at com.cloud.network.guru.PodBasedNetworkGuru.reserve(PodBasedNetworkGuru.java:123) at com.cloud.network.guru.StorageNetworkGuru.reserve(StorageNetworkGuru.java:122) at org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepareNic(NetworkOrchestrator.java:1338) at org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepare(NetworkOrchestrator.java:1309) at com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:970) at com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4590) at sun.reflect.GeneratedMethodAccessor210.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107) at com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:4746) at com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102) at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:513) at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46) at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:470) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) 2014-10-16 12:15:44,324 DEBUG [c.c.v.VirtualMachineManagerImpl] (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) Cleaning up resources for the vm VM[SecondaryStorageVm|s-115-VM] in Starting state There are 2 issues here: 1. Some of the SSVMs that are in destroyed state still have not released the management Ips back to the freepool of management ip address. 2. When CPVM is stopped , seems like the ipaddress associated with it has not been released to the freepool of management ip address. mysql> select id,name,state from vm_instance where id in (1,7,18,71); ++-+---+ | id | name| state | ++-+---+ | 1 | v-1-VM | Running | | 7 | s-7-VM | Destroyed | | 18 | s-18-VM | Destroyed | | 71 | s-71-VM | Destroyed | ++-+---+ 4 rows in set (0.00 sec) mysql> select instance_id from nics where id in (select nic_id from op_dc_ip_address_alloc where taken is not null); +-+ | instance_id | +-+ | 1 | | 7 | |
[jira] [Updated] (CLOUDSTACK-7742) Xenserver HA - SSVM failing to start since it is running out of management ip address
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7742: Attachment: ssvm-fail.rar > Xenserver HA - SSVM failing to start since it is running out of management ip > address > -- > > Key: CLOUDSTACK-7742 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7742 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.5.0 > Environment: Build from master >Reporter: Sangeetha Hariharan > Attachments: ssvm-fail.rar > > > HA - SSVM failing to start since it is running out of management ip address > Set up: > Cluster with 3 Xenserver hosts. > I am executing host HA scenarios where host is being brought down ( or > simulating contol path network failure / storage network failure). > After couple of such scenarios , i see that the SSVM fails to start as part > of HA the reason being running out of management nic: > management server logs: > 014-10-16 12:15:44,311 DEBUG [c.c.u.d.T.Transaction] > (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) Rolling > back the transaction: Time = 1 Name = Work-Job-Executor-106; called by > -TransactionLegacy.rollback:902-DataCenterIpAddressDaoImpl.takeIpAddress:61-GeneratedMethodAccessor493.invoke:-1-DelegatingMethodAccessorImpl.invoke:43-Method.invoke:606-AopUtils.invokeJoinpointUsingReflection:317-ReflectiveMethodInvocation.invokeJoinpoint:183-ReflectiveMethodInvocation.proceed:150-TransactionContextInterceptor.invoke:34-ReflectiveMethodInvocation.proceed:161-ExposeInvocationInterceptor.invoke:91-ReflectiveMethodInvocation.proceed:172 > 2014-10-16 12:15:44,312 INFO [c.c.v.VirtualMachineManagerImpl] > (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) > Insufficient capacity > com.cloud.exception.InsufficientAddressCapacityException: Unable to get a > management ip addressScope=interface com.cloud.dc.Pod; id=1 > at > com.cloud.network.guru.PodBasedNetworkGuru.reserve(PodBasedNetworkGuru.java:123) > at > com.cloud.network.guru.StorageNetworkGuru.reserve(StorageNetworkGuru.java:122) > at > org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepareNic(NetworkOrchestrator.java:1338) > at > org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepare(NetworkOrchestrator.java:1309) > at > com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:970) > at > com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4590) > at sun.reflect.GeneratedMethodAccessor210.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107) > at > com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:4746) > at > com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102) > at > org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:513) > at > org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) > at > org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46) > at > org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:470) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask.run(FutureTask.java:262) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > 2014-10-16 12:15:44,324 DEBUG [c.c.v.VirtualMachineManagerImpl] > (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) Cleaning up > resources for the vm VM[SecondaryStorageVm|s-115-VM] in Starting state > There are 2 issues here: > 1. Some of the SSVMs that are in destroyed
[jira] [Created] (CLOUDSTACK-7742) Xenserver HA - SSVM failing to start since it is running out of management ip address
Sangeetha Hariharan created CLOUDSTACK-7742: --- Summary: Xenserver HA - SSVM failing to start since it is running out of management ip address Key: CLOUDSTACK-7742 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7742 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.5.0 Environment: Build from master Reporter: Sangeetha Hariharan HA - SSVM failing to start since it is running out of management ip address Set up: Cluster with 3 Xenserver hosts. I am executing host HA scenarios where host is being brought down ( or simulating contol path network failure / storage network failure). After couple of such scenarios , i see that the SSVM fails to start as part of HA the reason being running out of management nic: management server logs: 014-10-16 12:15:44,311 DEBUG [c.c.u.d.T.Transaction] (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) Rolling back the transaction: Time = 1 Name = Work-Job-Executor-106; called by -TransactionLegacy.rollback:902-DataCenterIpAddressDaoImpl.takeIpAddress:61-GeneratedMethodAccessor493.invoke:-1-DelegatingMethodAccessorImpl.invoke:43-Method.invoke:606-AopUtils.invokeJoinpointUsingReflection:317-ReflectiveMethodInvocation.invokeJoinpoint:183-ReflectiveMethodInvocation.proceed:150-TransactionContextInterceptor.invoke:34-ReflectiveMethodInvocation.proceed:161-ExposeInvocationInterceptor.invoke:91-ReflectiveMethodInvocation.proceed:172 2014-10-16 12:15:44,312 INFO [c.c.v.VirtualMachineManagerImpl] (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) Insufficient capacity com.cloud.exception.InsufficientAddressCapacityException: Unable to get a management ip addressScope=interface com.cloud.dc.Pod; id=1 at com.cloud.network.guru.PodBasedNetworkGuru.reserve(PodBasedNetworkGuru.java:123) at com.cloud.network.guru.StorageNetworkGuru.reserve(StorageNetworkGuru.java:122) at org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepareNic(NetworkOrchestrator.java:1338) at org.apache.cloudstack.engine.orchestration.NetworkOrchestrator.prepare(NetworkOrchestrator.java:1309) at com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:970) at com.cloud.vm.VirtualMachineManagerImpl.orchestrateStart(VirtualMachineManagerImpl.java:4590) at sun.reflect.GeneratedMethodAccessor210.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.cloud.vm.VmWorkJobHandlerProxy.handleVmWorkJob(VmWorkJobHandlerProxy.java:107) at com.cloud.vm.VirtualMachineManagerImpl.handleVmWorkJob(VirtualMachineManagerImpl.java:4746) at com.cloud.vm.VmWorkJobDispatcher.runJob(VmWorkJobDispatcher.java:102) at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:513) at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46) at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:470) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) 2014-10-16 12:15:44,324 DEBUG [c.c.v.VirtualMachineManagerImpl] (Work-Job-Executor-106:ctx-323991ca job-771/job-943 ctx-3a2e9ed6) Cleaning up resources for the vm VM[SecondaryStorageVm|s-115-VM] in Starting state There are 2 issues here: 1. Some of the SSVMs that are in destroyed state still have not released the management Ips back to the freepool. 2. Some of these destroyed SSVMs have 2 management ip addresses associated with it . why is this the case? 3. I still see 1 management ip address that is free , but SSVM is still not able to come up. mysql> select id,name,state from vm_instance where id in (1,7,18,71); ++-+---+ | id | name| state
[jira] [Updated] (CLOUDSTACK-7733) Admin/Regular User is not allowed to stop/start Vms that are running on disabled hosts.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-7733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan updated CLOUDSTACK-7733:
Priority: Critical (was: Major)
> Admin/Regular User is not allowed to stop/start Vms that are running on
> disabled hosts.
> ---
>
> Key: CLOUDSTACK-7733
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7733
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
>Affects Versions: 4.5.0
> Environment: Build from master
>Reporter: Sangeetha Hariharan
>Priority: Critical
>
> Steps to reproduce the problem:
> Deploy a Vm in a host say host1 using a service offering that has hosttags
> that matches with host1.
> Disable host.
> As admin , stop this VM.
> Now try to start the VM.
> This fails with "job failed due to exception Unable to create a deployment
> for VM[User|i-20-63-VM"
> {jobprocstatus : 0, created : u'2014-10-15T08:21:04-0400', jobresult :
> {errorcode : 530, errortext : u'Job failed due to exception Unable to create
> a deployment for VM[User|i-20-63-VM]'}, cmd :
> u'org.apache.cloudstack.api.command.admin.vm.StartVMCmdByAdmin', userid :
> u'f3d01d86-93bb-4ec7-a249-f1dc59ba33a1', jobstatus : 2, jobid :
> u'fbe3432d-f90c-49d7-a5ea-f1e65e88aae7', jobresultcode : 530, jobinstanceid :
> u'c9987836-8d76-4a55-bdce-6ef81c4cf51d', jobresulttype : u'object',
> jobinstancetype : u'VirtualMachine', accountid :
> u'54b7a442-2b1f-4df9-b3cc-14a4d8537a74'}
> Management server logs indicating that Vms cannot be started on the last host
> Id , when the host is disabled:
> 2014-10-15 09:37:24,480 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Work-Job-Executor-79:ctx-746fc
> d6f job-558/job-559 ctx-246fb1a1) Trying to allocate a host and storage pools
> from dc:1, pod:1,clus
> ter:2, requested cpu: 100, requested ram: 134217728
> 2014-10-15 09:37:24,480 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Work-Job-Executor-79:ctx-746fcd6f job-558/job-559 ctx-246fb1a1) Is ROOT
> volume READY (pool already allocated)?: Yes
> 2014-10-15 09:37:24,480 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Work-Job-Executor-79:ctx-746fcd6f job-558/job-559 ctx-246fb1a1) This VM has
> last host_id specified, trying to choose the same host: 4
> 2014-10-15 09:37:24,484 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Work-Job-Executor-79:ctx-746fcd6f job-558/job-559 ctx-246fb1a1) The last
> host of this VM is not UP or is not enabled, host status is: Up, host
> resource state is: Disabled
> 2014-10-15 09:37:24,484 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
> (Work-Job-Executor-79:ctx-746fcd6f job-558/job-559 ctx-246fb1a1) Cannot
> choose the last host to deploy this VM
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7735) Admin is not allowed deploy VM in a disabled host if hostId is parameter is not passed.
Sangeetha Hariharan created CLOUDSTACK-7735: --- Summary: Admin is not allowed deploy VM in a disabled host if hostId is parameter is not passed. Key: CLOUDSTACK-7735 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7735 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Affects Versions: 4.5.0 Environment: build from master Reporter: Sangeetha Hariharan Fix For: 4.5.0 Admin is not allowed deploy VM in a disabled host if hostId is parameter is not passed. Steps to reproduce the problem: Disable host h1. As admin, try to deploy a Vm in host1 using a service offering that has host tags that matches with host1. Admin is not allowed to deploy a VM in this host. This behavior is different from the behavior where admin is allowed to deploy Vms in disabled zone / disabled pod/ disabled cluster. But when I try to deploy a VM by passing hostId parameter , then I am allowed to deploy VM in this host. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7733) Admin/Regular User is not allowed to stop/start Vms that are running on disabled hosts.
Sangeetha Hariharan created CLOUDSTACK-7733:
---
Summary: Admin/Regular User is not allowed to stop/start Vms that
are running on disabled hosts.
Key: CLOUDSTACK-7733
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7733
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Affects Versions: 4.5.0
Environment: Build from master
Reporter: Sangeetha Hariharan
Steps to reproduce the problem:
Deploy a Vm in a host say host1 using a service offering that has hosttags that
matches with host1.
Disable host.
As admin , stop this VM.
Now try to start the VM.
This fails with "job failed due to exception Unable to create a deployment for
VM[User|i-20-63-VM"
{jobprocstatus : 0, created : u'2014-10-15T08:21:04-0400', jobresult :
{errorcode : 530, errortext : u'Job failed due to exception Unable to create a
deployment for VM[User|i-20-63-VM]'}, cmd :
u'org.apache.cloudstack.api.command.admin.vm.StartVMCmdByAdmin', userid :
u'f3d01d86-93bb-4ec7-a249-f1dc59ba33a1', jobstatus : 2, jobid :
u'fbe3432d-f90c-49d7-a5ea-f1e65e88aae7', jobresultcode : 530, jobinstanceid :
u'c9987836-8d76-4a55-bdce-6ef81c4cf51d', jobresulttype : u'object',
jobinstancetype : u'VirtualMachine', accountid :
u'54b7a442-2b1f-4df9-b3cc-14a4d8537a74'}
Management server logs indicating that Vms cannot be started on the last host
Id , when the host is disabled:
2014-10-15 09:37:24,480 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-79:ctx-746fc
d6f job-558/job-559 ctx-246fb1a1) Trying to allocate a host and storage pools
from dc:1, pod:1,clus
ter:2, requested cpu: 100, requested ram: 134217728
2014-10-15 09:37:24,480 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-79:ctx-746fcd6f job-558/job-559 ctx-246fb1a1) Is ROOT volume
READY (pool already allocated)?: Yes
2014-10-15 09:37:24,480 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-79:ctx-746fcd6f job-558/job-559 ctx-246fb1a1) This VM has
last host_id specified, trying to choose the same host: 4
2014-10-15 09:37:24,484 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-79:ctx-746fcd6f job-558/job-559 ctx-246fb1a1) The last host
of this VM is not UP or is not enabled, host status is: Up, host resource state
is: Disabled
2014-10-15 09:37:24,484 DEBUG [c.c.d.DeploymentPlanningManagerImpl]
(Work-Job-Executor-79:ctx-746fcd6f job-558/job-559 ctx-246fb1a1) Cannot choose
the last host to deploy this VM
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7732) [Automation] - Automate organization States Test Cases relating to enabling/disabling of zone,pod,host and cluster.
Sangeetha Hariharan created CLOUDSTACK-7732: --- Summary: [Automation] - Automate organization States Test Cases relating to enabling/disabling of zone,pod,host and cluster. Key: CLOUDSTACK-7732 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7732 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Test Affects Versions: 4.5.0 Reporter: Sangeetha Hariharan Fix For: 4.5.0 [Automation] - Automate organization States Test Cases relating to enabling/disabling of zone,pod,host and cluster -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CLOUDSTACK-7697) HA - No alerts being generated when SSVM/CPVM is being HA-ed to a different hosts.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14167295#comment-14167295 ] Sangeetha Hariharan commented on CLOUDSTACK-7697: - When HA of SSVM and CPVM is being done , we see the agent state from "Alert"->"Up". > HA - No alerts being generated when SSVM/CPVM is being HA-ed to a different > hosts. > -- > > Key: CLOUDSTACK-7697 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7697 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.5.0 > Environment: Build from 4.5 >Reporter: Sangeetha Hariharan > Fix For: 4.5.0 > > > HA - No alerts being generated when SSVM/CPVM is being HA-ed to a different > hosts. > Steps to reproduce the problem: > Zone with 1 cluster having 2 hosts. > Bring down master host where SSVM and CPVM is running. > All user Vms , SSVM and CPVM running in this host is HA-ed to another host. > There is no Alert being generated for SSVM and CPVM being detected as being > stopped . > Also there are no events/alerts being generated for all the user Vms that > were detected as being stopped and started in a different host. > Should we expect events/alerts being generated for these as well ? > mysql> select * from alert; > ++--+--++++-++-+-+--+--++ > | id | uuid | type | cluster_id | pod_id | > data_center_id | subject >| sent_count | created | last_sent > | resolved | archived | name | > ++--+--++++-++-+-+--+--++ > | 1 | aeef592e-3bb4-431e-911d-16280bf8a8ad | 14 | NULL | 0 | > 0 | Management network CIDR is not configured originally. Set it > default to 10.223.130.0/24 | 1 | 2014-10-09 22:19:14 | > 2014-10-09 22:19:14 | NULL |0 | ALERT.MANAGEMENT | > | 2 | 1a0bb67d-9346-4078-a80d-e6669116e7fd | 14 | NULL | 0 | > 0 | Management server node 10.223.130.101 is up > | 1 | 2014-10-09 22:19:16 | 2014-10-09 > 22:19:16 | NULL |0 | ALERT.MANAGEMENT | > | 3 | 5c37924e-50cd-413f-a37a-ac275dbc46f9 | 13 | NULL | 0 | > 0 | No usage server process running > | 1 | 2014-10-09 23:19:14 | 2014-10-09 > 23:19:14 | NULL |0 | ALERT.USAGE| > | 4 | 4d1b8b64-f59a-4405-a244-14e054297f04 |2 | 1 | 1 | > 1 | System Alert: Low Available Storage in cluster cluster1 pod > pod1 of availability zone zone1 | 1 | 2014-10-09 23:39:44 | > 2014-10-09 23:39:44 | NULL |0 | ALERT.STORAGE | > | 5 | aaf9bb96-799c-40d0-a652-96566c7ff47a |7 | NULL | 1 | > 1 | Host is down, name: Rack3Host20.lab.vmops.com (id:1), > availability zone: zone1, pod: pod1 | 1 | 2014-10-10 15:05:41 | > 2014-10-10 15:05:41 | NULL |0 | ALERT.COMPUTE.HOST | > ++--+--++++-++-+-+--+--++ > 5 rows in set (0.00 sec) > mysql> -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7697) HA - No alerts being generated when SSVM/CPVM is being HA-ed to a different hosts.
Sangeetha Hariharan created CLOUDSTACK-7697: --- Summary: HA - No alerts being generated when SSVM/CPVM is being HA-ed to a different hosts. Key: CLOUDSTACK-7697 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7697 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.5.0 Environment: Build from 4.5 Reporter: Sangeetha Hariharan Fix For: 4.5.0 HA - No alerts being generated when SSVM/CPVM is being HA-ed to a different hosts. Steps to reproduce the problem: Zone with 1 cluster having 2 hosts. Bring down master host where SSVM and CPVM is running. All user Vms , SSVM and CPVM running in this host is HA-ed to another host. There is no Alert being generated for SSVM and CPVM being detected as being stopped . Also there are no events/alerts being generated for all the user Vms that were detected as being stopped and started in a different host. Should we expect events/alerts being generated for these as well ? mysql> select * from alert; ++--+--++++-++-+-+--+--++ | id | uuid | type | cluster_id | pod_id | data_center_id | subject | sent_count | created | last_sent | resolved | archived | name | ++--+--++++-++-+-+--+--++ | 1 | aeef592e-3bb4-431e-911d-16280bf8a8ad | 14 | NULL | 0 | 0 | Management network CIDR is not configured originally. Set it default to 10.223.130.0/24 | 1 | 2014-10-09 22:19:14 | 2014-10-09 22:19:14 | NULL |0 | ALERT.MANAGEMENT | | 2 | 1a0bb67d-9346-4078-a80d-e6669116e7fd | 14 | NULL | 0 | 0 | Management server node 10.223.130.101 is up | 1 | 2014-10-09 22:19:16 | 2014-10-09 22:19:16 | NULL |0 | ALERT.MANAGEMENT | | 3 | 5c37924e-50cd-413f-a37a-ac275dbc46f9 | 13 | NULL | 0 | 0 | No usage server process running | 1 | 2014-10-09 23:19:14 | 2014-10-09 23:19:14 | NULL |0 | ALERT.USAGE| | 4 | 4d1b8b64-f59a-4405-a244-14e054297f04 |2 | 1 | 1 | 1 | System Alert: Low Available Storage in cluster cluster1 pod pod1 of availability zone zone1 | 1 | 2014-10-09 23:39:44 | 2014-10-09 23:39:44 | NULL |0 | ALERT.STORAGE | | 5 | aaf9bb96-799c-40d0-a652-96566c7ff47a |7 | NULL | 1 | 1 | Host is down, name: Rack3Host20.lab.vmops.com (id:1), availability zone: zone1, pod: pod1 | 1 | 2014-10-10 15:05:41 | 2014-10-10 15:05:41 | NULL |0 | ALERT.COMPUTE.HOST | ++--+--++++-++-+-+--+--++ 5 rows in set (0.00 sec) mysql> -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7629) addBaremetalRct() API call is not available in cloudstackAPI library in marvin.
Sangeetha Hariharan created CLOUDSTACK-7629: --- Summary: addBaremetalRct() API call is not available in cloudstackAPI library in marvin. Key: CLOUDSTACK-7629 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7629 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.5.0 Reporter: Sangeetha Hariharan Assignee: frank zhang Fix For: 4.5.0 addBaremetalRct() API call is not available in cloudstackAPI library in marvin. When a new API call is added , we expect the python libraries for this API to be available as part of cloudstackAPI in marvin. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7619) Baremetal - Have an out of the box Isolated network offering with PXE & DHCP services provided by VR slong with all other services from default isolated network offe
Sangeetha Hariharan created CLOUDSTACK-7619: --- Summary: Baremetal - Have an out of the box Isolated network offering with PXE & DHCP services provided by VR slong with all other services from default isolated network offering for baremetal instances. Key: CLOUDSTACK-7619 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7619 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Affects Versions: 4.5.0 Reporter: Sangeetha Hariharan Assignee: frank zhang Fix For: 4.5.0 Baremetal - Have an out of the box Isolated network offering with PXE & DHCP services provided by VR slong with all other services from default isolated network offering for baremetal instances. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (CLOUDSTACK-7618) Baremetal - AddHost() API docs should include parameters - cpunumber,cpuspeed,memory,hostmac
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan reassigned CLOUDSTACK-7618: --- Assignee: frank zhang > Baremetal - AddHost() API docs should include parameters - > cpunumber,cpuspeed,memory,hostmac > > > Key: CLOUDSTACK-7618 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7618 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.5.0 >Reporter: Sangeetha Hariharan >Assignee: frank zhang > Fix For: 4.5.0 > > > Baremetal - AddHost() API docs should include parameters - > cpunumber,cpuspeed,memory,hostmac. > When adding a baremetal host , following 4 parameters are supported for > addHost() API call - cpunumber,cpuspeed,memory,hostmac. > API docs should include information about these parameters. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7618) Baremetal - AddHost() API docs should include parameters - cpunumber,cpuspeed,memory,hostmac
Sangeetha Hariharan created CLOUDSTACK-7618: --- Summary: Baremetal - AddHost() API docs should include parameters - cpunumber,cpuspeed,memory,hostmac Key: CLOUDSTACK-7618 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7618 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.5.0 Reporter: Sangeetha Hariharan Fix For: 4.5.0 Baremetal - AddHost() API docs should include parameters - cpunumber,cpuspeed,memory,hostmac. When adding a baremetal host , following 4 parameters are supported for addHost() API call - cpunumber,cpuspeed,memory,hostmac. API docs should include information about these parameters. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (CLOUDSTACK-7034) [Automation] - Automate ACL test cases relating to listVirtualMachines()
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7034?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-7034. --- Resolution: Fixed > [Automation] - Automate ACL test cases relating to listVirtualMachines() > > > Key: CLOUDSTACK-7034 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7034 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to listVirtualMachines() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (CLOUDSTACK-7033) [Automation] - Automate ACL test cases relating to isolate Network for deleteNetwork() api..
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-7033. --- > [Automation] - Automate ACL test cases relating to isolate Network for > deleteNetwork() api.. > > > Key: CLOUDSTACK-7033 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7033 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan >Assignee: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to isolate Network for > deleteNetwork() api -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (CLOUDSTACK-7033) [Automation] - Automate ACL test cases relating to isolate Network for deleteNetwork() api..
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan resolved CLOUDSTACK-7033. - Resolution: Fixed > [Automation] - Automate ACL test cases relating to isolate Network for > deleteNetwork() api.. > > > Key: CLOUDSTACK-7033 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7033 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan >Assignee: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to isolate Network for > deleteNetwork() api -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (CLOUDSTACK-7514) Automation] - Automate ACL test cases relating to listSnapshots()
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-7514. --- Resolution: Fixed > Automation] - Automate ACL test cases relating to listSnapshots() > - > > Key: CLOUDSTACK-7514 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7514 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan >Assignee: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to listSnapshots() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (CLOUDSTACK-7587) Automation - Add simulator_only attribute to acl related test cases.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-7587. --- Resolution: Fixed > Automation - Add simulator_only attribute to acl related test cases. > > > Key: CLOUDSTACK-7587 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7587 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) >Reporter: Sangeetha Hariharan > > Automation - Add simulator_only attribute to acl related test cases. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7587) Automation - Add simulator_only attribute to acl related test cases.
Sangeetha Hariharan created CLOUDSTACK-7587: --- Summary: Automation - Add simulator_only attribute to acl related test cases. Key: CLOUDSTACK-7587 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7587 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Reporter: Sangeetha Hariharan Automation - Add simulator_only attribute to acl related test cases. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (CLOUDSTACK-7551) Automate ACL test cases relating to impersonation when depoying VM in shared network.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-7551. --- Resolution: Fixed > Automate ACL test cases relating to impersonation when depoying VM in shared > network. > -- > > Key: CLOUDSTACK-7551 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7551 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > > Automate ACL test cases relating to impersonation when depoying VM in shared > network. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (CLOUDSTACK-7585) Automation - Fix test_acl_sharednetwork.py and test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network" network offering when creating networks.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan closed CLOUDSTACK-7585.
---
Resolution: Fixed
> Automation - Fix test_acl_sharednetwork.py and
> test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network"
> network offering when creating networks.
> -
>
> Key: CLOUDSTACK-7585
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7585
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Test
>Affects Versions: 4.5.0
> Environment: test_acl_sharednetwork.py and
> test_acl_sharednetwork_deployVM-impersonation.py cases executed against
> simulator build in advanced zone set up.
>Reporter: Sangeetha Hariharan
> Fix For: 4.5.0
>
>
> Automation - Fix test_acl_sharednetwork.py and
> test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network"
> network offering when creating networks.
> Attempting to create shared network on the advanced zone set up fails with
> following exception since the script tried to create network with "shared
> network with securitygroup enabled" network offering , when the real intent
> was to create network with "shared network".
> 2014-09-17 07:30:36,714 INFO [a.c.c.a.ApiServer]
> (catalina-exec-4:ctx-371aa034 ctx-671b4b25 ctx-6c06fff3) (userId=566
> accountId=621 sessionId=null) 10.220.135.94 -- GET
> jobid=9edd5afa-ade4-414b-9c84-ae045162140c&apiKey=1Qwx85LkDHJa5pbSN6BZwGrP-GyVSkzkG70wWLzaostLbopRqtgR-vpR9GMwohyfvt4wzldxj1QizAsjcrqDTA&command=queryAsyncJobResult&response=json&signature=kwsOpv9uEajw1D5rC1rvKAl3mXU%3D
> 200 { "queryasyncjobresultresponse" :
> {"accountid":"dfb8610d-1488-4e73-8d6d-75dabebc4891","userid":"1898cb06-16c9-4a6c-976e-9e7dfa933550","cmd":"org.apache.cloudstack.api.command.user.vm.DeployVMCmd","jobstatus":0,"jobprocstatus":0,"jobresultcode":0,"jobinstancetype":"VirtualMachine","jobinstanceid":"a0b03a69-6468-4957-855a-da5d6541452f","created":"2014-09-17T07:30:36+","jobid":"9edd5afa-ade4-414b-9c84-ae045162140c"}
> }
> 2014-09-17 07:30:36,821 INFO [a.c.c.a.ApiServer]
> (catalina-exec-13:ctx-70aa613c ctx-d326566c ctx-1b289a9f) (userId=2
> accountId=2 sessionId=null) 10.220.135.94 -- GET
> endip=10.223.1.100&apiKey=d-PIiwVeP_F-GpoQ0a8eSAnon806DSJGS9L34BPW3jmsAQz2LUNePLC9XQ-ILIMcDrGMSzQmMk8xrbfrRkpyXw&name=SharedNetwork-All&networkofferingid=4dc8bedc-58e5-47ef-b462-8c13b18765e4&startip=10.223.1.2&vlan=4001&zoneid=6c748d63-12c2-48c3-b84e-e81ff63ea441&netmask=255.255.255.0&acltype=Domain&displaytext=SharedNetwork-All&signature=NSWuzSOrbpLs9ggT6A3lf7SzXQs%3D&command=createNetwork&response=json&gateway=10.223.1.1
> 530 Provider SecurityGroupProvider is either not enabled or doesn't support
> service SecurityGroup in physical network id=200
> Root cause for this issue , is we query for networkoffering with
> "name=DefaultSharedNetworkOffering" which results in returning 2 entries ,
> "DefaultSharedNetworkOffering" and
> "DefaultSharedNetworkOfferingWithSGService". The script ends up picking the
> network offering of "DefaultSharedNetworkOfferingWithSGService"
> 2014-09-17 07:30:36,653 INFO [a.c.c.a.ApiServer]
> (catalina-exec-9:ctx-d64b7593 ctx-f74a4a25 ctx-f14b10c9) (userId=2
> accountId=2 sessionId=null) 10.220.135.94 -- GET
> response=json&apiKey=d-PIiwVeP_F-GpoQ0a8eSAnon806DSJGS9L34BPW3jmsAQz2LUNePLC9XQ-ILIMcDrGMSzQmMk8xrbfrRkpyXw&command=listNetworkOfferings&name=DefaultSharedNetworkOffering&signature=djKbBqXshW0SNBHMJjDnldyk7Ls%3D
> 200 { "listnetworkofferingsresponse" : { "count":2 ,"networkoffering" : [
> {"id":"4dc8bedc-58e5-47ef-b462-8c13b18765e4","name":"DefaultSharedNetworkOfferingWithSGService","displaytext":"Offering
> for Shared Security group enabled
> networks","traffictype":"Guest","isdefault":true,"specifyvlan":true,"conservemode":true,"specifyipranges":true,"availability":"Optional","networkrate":200,"state":"Enabled","guestiptype":"Shared","serviceofferingid":"caf28ce7-1a81-4767-9e64-c0b16700beed","service":[{"name":"Dhcp","provider":[{"name":"VirtualRouter"}]},{"name":"SecurityGroup","provider":[{"name":"SecurityGroupProvider"}]},{"name":"Dns","provider":[{"name":"VirtualRouter"}]},{"name":"UserData","provider":[{"name":"VirtualRouter"}]}],"forvpc":false,"ispersistent":false,"egressdefaultpolicy":false,"supportsstrechedl2subnet":false},
>
> {"id":"09d13c2a-4cd7-4700-a092-3192605c29cb","name":"DefaultSharedNetworkOffering","displaytext":"Offering
> for Shared
> networks","traffictype":"Guest","isdefault":true,"specifyvlan":true,"conservemode":true,"specifyipranges":true,"availability":"Optional"
[jira] [Closed] (CLOUDSTACK-7567) Automate ACL test cases relating to depoying VM in shared network with different scopes - All/Domain/Domain with subdomain/Account for Admin, domain admin and regular
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-7567. --- Resolution: Fixed > Automate ACL test cases relating to depoying VM in shared network with > different scopes - All/Domain/Domain with subdomain/Account for Admin, domain > admin and regular users. > - > > Key: CLOUDSTACK-7567 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7567 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > > Automate ACL test cases relating to depoying VM in shared network with > different scopes - All/Domain/Domain with subdomain/Account for Admin, domain > admin and regular users. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CLOUDSTACK-6974) IAM-Root Admin - When listNetwork is used with listall=false (or no listall passed), all isoalted networks belonging to other users is listed.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-6974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14139770#comment-14139770
]
Sangeetha Hariharan commented on CLOUDSTACK-6974:
-
listNetwork() with listall=false and isrecursive=true results in returning all
the networks that the admin can see .
listNetwork() with listall=false and isrecursive=false/not passed results in
returning all the networks that the admin can see in the "ROOT" domain .
In both the above cases , listNetwork() with listall=false should return only
the networks that he can use (which is isolated networks that he created and
shared network that he has access to).
> IAM-Root Admin - When listNetwork is used with listall=false (or no listall
> passed), all isoalted networks belonging to other users is listed.
> --
>
> Key: CLOUDSTACK-6974
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6974
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
>Affects Versions: 4.4.0
> Environment: Build from 4.4-forward
>Reporter: Sangeetha Hariharan
>
> Root Admin - When listNetwork is used with listall=false (or no listall
> passed) and isrecursive=true , all networks in the system are returned.
> Steps to reproduce the problem:
> Create multiple domains with few user and domain accounts in them.
> Create isolated networks as each of these accounts.
> Create an admin user under ROOT.
> As this admin user, deploy a VM.
> Use listNetwork with listall=false (or no listall passed) and
> isrecursive=true to retrieve all the networks owned by this admin.
> This results in all the networks in the system being returned.
> Following is the API call that was made , that resulted in 15 networks being
> fetched when it should have fetched only 1 isolated network and 1
> shared network.
> http://10.223.49.6:8080/client/api?apiKey=PB2CyeaqN0vfTodPzXV52OdE9YZLC8K-BrdLiEijWmq85nuAEfXVoAPxbzW0J5BgFAT-f5lnwDEgeOfp_boJAg&isrecursive=true&response=json&listall=false&command=listNetworks&signature=l%2FNR4aBSnk7aAEDHhlsAvEXe7Cg%3D
> Response: { "listnetworksresponse" : { "count":15 ,"network" : [
> {"id":"fb3b563c-5ba2-4f9a-aa65-82996f78f20e","name":"SharedNetwork-Account","displaytext":"SharedNetwork-Account","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.223.1.1","netmask":"255.255.255.0","cidr":"10.223.1.0/24","zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"1bec2c7f-d35d-4d33-a655-d3159be4a6ff","networkofferingname":"DefaultSharedNetworkOfferingWithSGService","networkofferingdisplaytext":"Offering
> for Shared Security group enabled
> networks","networkofferingconservemode":true,"networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"fb3b563c-5ba2-4f9a-aa65-82996f78f20e","broadcasturi":"vlan://153","dns1":"4.2.2.2","type":"Shared","vlan":"153","acltype":"Account","account":"testD111A-TestNetworkList-RPNQIQ","domainid":"b706ea33-fbf7-4167-a857-16f79f332cf3","domain":"D111-A243U3","service":[
> {"name":"UserData"}
> ,{"name":"Dhcp","capability":[
> {"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}
> ]},{" ...
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (CLOUDSTACK-7585) Automation - Fix test_acl_sharednetwork.py and test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network" network offering when creating networks.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14139587#comment-14139587
]
Sangeetha Hariharan commented on CLOUDSTACK-7585:
-
Fixed test scripts to use additional parameter displayText="Offering for Shared
networks" when listing Network offerings,so that it returns only default shared
network offering.
> Automation - Fix test_acl_sharednetwork.py and
> test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network"
> network offering when creating networks.
> -
>
> Key: CLOUDSTACK-7585
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7585
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Test
>Affects Versions: 4.5.0
> Environment: test_acl_sharednetwork.py and
> test_acl_sharednetwork_deployVM-impersonation.py cases executed against
> simulator build in advanced zone set up.
>Reporter: Sangeetha Hariharan
> Fix For: 4.5.0
>
>
> Automation - Fix test_acl_sharednetwork.py and
> test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network"
> network offering when creating networks.
> Attempting to create shared network on the advanced zone set up fails with
> following exception since the script tried to create network with "shared
> network with securitygroup enabled" network offering , when the real intent
> was to create network with "shared network".
> 2014-09-17 07:30:36,714 INFO [a.c.c.a.ApiServer]
> (catalina-exec-4:ctx-371aa034 ctx-671b4b25 ctx-6c06fff3) (userId=566
> accountId=621 sessionId=null) 10.220.135.94 -- GET
> jobid=9edd5afa-ade4-414b-9c84-ae045162140c&apiKey=1Qwx85LkDHJa5pbSN6BZwGrP-GyVSkzkG70wWLzaostLbopRqtgR-vpR9GMwohyfvt4wzldxj1QizAsjcrqDTA&command=queryAsyncJobResult&response=json&signature=kwsOpv9uEajw1D5rC1rvKAl3mXU%3D
> 200 { "queryasyncjobresultresponse" :
> {"accountid":"dfb8610d-1488-4e73-8d6d-75dabebc4891","userid":"1898cb06-16c9-4a6c-976e-9e7dfa933550","cmd":"org.apache.cloudstack.api.command.user.vm.DeployVMCmd","jobstatus":0,"jobprocstatus":0,"jobresultcode":0,"jobinstancetype":"VirtualMachine","jobinstanceid":"a0b03a69-6468-4957-855a-da5d6541452f","created":"2014-09-17T07:30:36+","jobid":"9edd5afa-ade4-414b-9c84-ae045162140c"}
> }
> 2014-09-17 07:30:36,821 INFO [a.c.c.a.ApiServer]
> (catalina-exec-13:ctx-70aa613c ctx-d326566c ctx-1b289a9f) (userId=2
> accountId=2 sessionId=null) 10.220.135.94 -- GET
> endip=10.223.1.100&apiKey=d-PIiwVeP_F-GpoQ0a8eSAnon806DSJGS9L34BPW3jmsAQz2LUNePLC9XQ-ILIMcDrGMSzQmMk8xrbfrRkpyXw&name=SharedNetwork-All&networkofferingid=4dc8bedc-58e5-47ef-b462-8c13b18765e4&startip=10.223.1.2&vlan=4001&zoneid=6c748d63-12c2-48c3-b84e-e81ff63ea441&netmask=255.255.255.0&acltype=Domain&displaytext=SharedNetwork-All&signature=NSWuzSOrbpLs9ggT6A3lf7SzXQs%3D&command=createNetwork&response=json&gateway=10.223.1.1
> 530 Provider SecurityGroupProvider is either not enabled or doesn't support
> service SecurityGroup in physical network id=200
> Root cause for this issue , is we query for networkoffering with
> "name=DefaultSharedNetworkOffering" which results in returning 2 entries ,
> "DefaultSharedNetworkOffering" and
> "DefaultSharedNetworkOfferingWithSGService". The script ends up picking the
> network offering of "DefaultSharedNetworkOfferingWithSGService"
> 2014-09-17 07:30:36,653 INFO [a.c.c.a.ApiServer]
> (catalina-exec-9:ctx-d64b7593 ctx-f74a4a25 ctx-f14b10c9) (userId=2
> accountId=2 sessionId=null) 10.220.135.94 -- GET
> response=json&apiKey=d-PIiwVeP_F-GpoQ0a8eSAnon806DSJGS9L34BPW3jmsAQz2LUNePLC9XQ-ILIMcDrGMSzQmMk8xrbfrRkpyXw&command=listNetworkOfferings&name=DefaultSharedNetworkOffering&signature=djKbBqXshW0SNBHMJjDnldyk7Ls%3D
> 200 { "listnetworkofferingsresponse" : { "count":2 ,"networkoffering" : [
> {"id":"4dc8bedc-58e5-47ef-b462-8c13b18765e4","name":"DefaultSharedNetworkOfferingWithSGService","displaytext":"Offering
> for Shared Security group enabled
> networks","traffictype":"Guest","isdefault":true,"specifyvlan":true,"conservemode":true,"specifyipranges":true,"availability":"Optional","networkrate":200,"state":"Enabled","guestiptype":"Shared","serviceofferingid":"caf28ce7-1a81-4767-9e64-c0b16700beed","service":[{"name":"Dhcp","provider":[{"name":"VirtualRouter"}]},{"name":"SecurityGroup","provider":[{"name":"SecurityGroupProvider"}]},{"name":"Dns","provider":[{"name":"VirtualRouter"}]},{"name":"UserData","provider":[{"name":"VirtualRouter"}]}],"forvpc":false,"ispersistent":false,"egressdefaultpolicy":false,"supportsstrechedl2subnet":false},
>
> {"id":"09d13c2a-4cd7-4700-a092-3192605c29c
[jira] [Created] (CLOUDSTACK-7585) Automation - Fix test_acl_sharednetwork.py and test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network" network offering when creating networks.
Sangeetha Hariharan created CLOUDSTACK-7585:
---
Summary: Automation - Fix test_acl_sharednetwork.py and
test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network"
network offering when creating networks.
Key: CLOUDSTACK-7585
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7585
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Test
Affects Versions: 4.5.0
Environment: test_acl_sharednetwork.py and
test_acl_sharednetwork_deployVM-impersonation.py cases executed against
simulator build in advanced zone set up.
Reporter: Sangeetha Hariharan
Fix For: 4.5.0
Automation - Fix test_acl_sharednetwork.py and
test_acl_sharednetwork_deployVM-impersonation.py to pick "Shared Network"
network offering when creating networks.
Attempting to create shared network on the advanced zone set up fails with
following exception since the script tried to create network with "shared
network with securitygroup enabled" network offering , when the real intent was
to create network with "shared network".
2014-09-17 07:30:36,714 INFO [a.c.c.a.ApiServer] (catalina-exec-4:ctx-371aa034
ctx-671b4b25 ctx-6c06fff3) (userId=566 accountId=621 sessionId=null)
10.220.135.94 -- GET
jobid=9edd5afa-ade4-414b-9c84-ae045162140c&apiKey=1Qwx85LkDHJa5pbSN6BZwGrP-GyVSkzkG70wWLzaostLbopRqtgR-vpR9GMwohyfvt4wzldxj1QizAsjcrqDTA&command=queryAsyncJobResult&response=json&signature=kwsOpv9uEajw1D5rC1rvKAl3mXU%3D
200 { "queryasyncjobresultresponse" :
{"accountid":"dfb8610d-1488-4e73-8d6d-75dabebc4891","userid":"1898cb06-16c9-4a6c-976e-9e7dfa933550","cmd":"org.apache.cloudstack.api.command.user.vm.DeployVMCmd","jobstatus":0,"jobprocstatus":0,"jobresultcode":0,"jobinstancetype":"VirtualMachine","jobinstanceid":"a0b03a69-6468-4957-855a-da5d6541452f","created":"2014-09-17T07:30:36+","jobid":"9edd5afa-ade4-414b-9c84-ae045162140c"}
}
2014-09-17 07:30:36,821 INFO [a.c.c.a.ApiServer]
(catalina-exec-13:ctx-70aa613c ctx-d326566c ctx-1b289a9f) (userId=2 accountId=2
sessionId=null) 10.220.135.94 -- GET
endip=10.223.1.100&apiKey=d-PIiwVeP_F-GpoQ0a8eSAnon806DSJGS9L34BPW3jmsAQz2LUNePLC9XQ-ILIMcDrGMSzQmMk8xrbfrRkpyXw&name=SharedNetwork-All&networkofferingid=4dc8bedc-58e5-47ef-b462-8c13b18765e4&startip=10.223.1.2&vlan=4001&zoneid=6c748d63-12c2-48c3-b84e-e81ff63ea441&netmask=255.255.255.0&acltype=Domain&displaytext=SharedNetwork-All&signature=NSWuzSOrbpLs9ggT6A3lf7SzXQs%3D&command=createNetwork&response=json&gateway=10.223.1.1
530 Provider SecurityGroupProvider is either not enabled or doesn't support
service SecurityGroup in physical network id=200
Root cause for this issue , is we query for networkoffering with
"name=DefaultSharedNetworkOffering" which results in returning 2 entries ,
"DefaultSharedNetworkOffering" and "DefaultSharedNetworkOfferingWithSGService".
The script ends up picking the network offering of
"DefaultSharedNetworkOfferingWithSGService"
2014-09-17 07:30:36,653 INFO [a.c.c.a.ApiServer] (catalina-exec-9:ctx-d64b7593
ctx-f74a4a25 ctx-f14b10c9) (userId=2 accountId=2 sessionId=null) 10.220.135.94
-- GET
response=json&apiKey=d-PIiwVeP_F-GpoQ0a8eSAnon806DSJGS9L34BPW3jmsAQz2LUNePLC9XQ-ILIMcDrGMSzQmMk8xrbfrRkpyXw&command=listNetworkOfferings&name=DefaultSharedNetworkOffering&signature=djKbBqXshW0SNBHMJjDnldyk7Ls%3D
200 { "listnetworkofferingsresponse" : { "count":2 ,"networkoffering" : [
{"id":"4dc8bedc-58e5-47ef-b462-8c13b18765e4","name":"DefaultSharedNetworkOfferingWithSGService","displaytext":"Offering
for Shared Security group enabled
networks","traffictype":"Guest","isdefault":true,"specifyvlan":true,"conservemode":true,"specifyipranges":true,"availability":"Optional","networkrate":200,"state":"Enabled","guestiptype":"Shared","serviceofferingid":"caf28ce7-1a81-4767-9e64-c0b16700beed","service":[{"name":"Dhcp","provider":[{"name":"VirtualRouter"}]},{"name":"SecurityGroup","provider":[{"name":"SecurityGroupProvider"}]},{"name":"Dns","provider":[{"name":"VirtualRouter"}]},{"name":"UserData","provider":[{"name":"VirtualRouter"}]}],"forvpc":false,"ispersistent":false,"egressdefaultpolicy":false,"supportsstrechedl2subnet":false},
{"id":"09d13c2a-4cd7-4700-a092-3192605c29cb","name":"DefaultSharedNetworkOffering","displaytext":"Offering
for Shared
networks","traffictype":"Guest","isdefault":true,"specifyvlan":true,"conservemode":true,"specifyipranges":true,"availability":"Optional","networkrate":200,"state":"Enabled","guestiptype":"Shared","serviceofferingid":"caf28ce7-1a81-4767-9e64-c0b16700beed","service":[{"name":"Dhcp","provider":[{"name":"VirtualRouter"}]},{"name":"Dns","provider":[{"name":"VirtualRouter"}]},{"name":"UserData","provider":[{"name":"VirtualRouter"}]}],"forvpc":false,"ispersistent":false,"egressdefaultpolicy":false,"supportsstrechedl2subnet":f
[jira] [Updated] (CLOUDSTACK-7567) Automate ACL test cases relating to depoying VM in shared network with different scopes - All/Domain/Domain with subdomain/Account for Admin, domain admin and regula
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7567: Description: Automate ACL test cases relating to depoying VM in shared network with different scopes - All/Domain/Domain with subdomain/Account for Admin, domain admin and regular users. > Automate ACL test cases relating to depoying VM in shared network with > different scopes - All/Domain/Domain with subdomain/Account for Admin, domain > admin and regular users. > - > > Key: CLOUDSTACK-7567 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7567 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > > Automate ACL test cases relating to depoying VM in shared network with > different scopes - All/Domain/Domain with subdomain/Account for Admin, domain > admin and regular users. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CLOUDSTACK-7567) Automate ACL test cases relating to depoying VM in shared network with different scopes - All/Domain/Domain with subdomain/Account for Admin, domain admin and regula
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7567: Description: (was: Automate ACL test cases relating to impersonation when depoying VM in shared network.) > Automate ACL test cases relating to depoying VM in shared network with > different scopes - All/Domain/Domain with subdomain/Account for Admin, domain > admin and regular users. > - > > Key: CLOUDSTACK-7567 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7567 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7567) Automate ACL test cases relating to depoying VM in shared network with different scopes - All/Domain/Domain with subdomain/Account for Admin, domain admin and regula
Sangeetha Hariharan created CLOUDSTACK-7567: --- Summary: Automate ACL test cases relating to depoying VM in shared network with different scopes - All/Domain/Domain with subdomain/Account for Admin, domain admin and regular users. Key: CLOUDSTACK-7567 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7567 Project: CloudStack Issue Type: Task Security Level: Public (Anyone can view this level - this is the default.) Components: marvin Affects Versions: 4.4.0 Reporter: Sangeetha Hariharan Automate ACL test cases relating to impersonation when depoying VM in shared network. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CLOUDSTACK-7551) Automate ACL test cases relating to impersonation when depoying VM in shared network.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7551: Description: Automate ACL test cases relating to impersonation when depoying VM in shared network. (was: [Automation] - Automate ACL test cases relating to listVolumes()) > Automate ACL test cases relating to impersonation when depoying VM in shared > network. > -- > > Key: CLOUDSTACK-7551 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7551 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > > Automate ACL test cases relating to impersonation when depoying VM in shared > network. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7551) Automate ACL test cases relating to impersonation when depoying VM in shared network.
Sangeetha Hariharan created CLOUDSTACK-7551: --- Summary: Automate ACL test cases relating to impersonation when depoying VM in shared network. Key: CLOUDSTACK-7551 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7551 Project: CloudStack Issue Type: Task Security Level: Public (Anyone can view this level - this is the default.) Components: marvin Affects Versions: 4.4.0 Reporter: Sangeetha Hariharan [Automation] - Automate ACL test cases relating to listVolumes() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (CLOUDSTACK-7514) Automation] - Automate ACL test cases relating to listSnapshots()
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan reassigned CLOUDSTACK-7514: --- Assignee: Sangeetha Hariharan > Automation] - Automate ACL test cases relating to listSnapshots() > - > > Key: CLOUDSTACK-7514 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7514 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan >Assignee: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to listSnapshots() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7523) java.lang.NullPointerException when listing accounts.
Sangeetha Hariharan created CLOUDSTACK-7523: --- Summary: java.lang.NullPointerException when listing accounts. Key: CLOUDSTACK-7523 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7523 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.5.0 Environment: Build from master Reporter: Sangeetha Hariharan Assignee: frank zhang Priority: Critical Fix For: 4.5.0 Deploy a fresh Management server. After this try to list Accounts , by going to Accounts tab in UI. There is no entries returned and the UI keeps spinning. listAccounts() fail with return code - 530 . 2014-09-09 12:38:59,932 INFO [a.c.c.a.ApiServer] (catalina-exec-18:ctx-0c561c21 ctx-dcbc1d59) (userId=2 accountId=2 sessionId=600DA8E1BD8DC8B8DF75DD5B5FC9E7E9) 10.215.3.17 -- GET command=listAccounts&response=json&sessionkey=2%2Bf%2BWC0FhPn6j%2BiLp3mj2POhdsY%3D&listAll=true&page=1&pagesize=20&_=1410305103203 530 null Following exception seen in management server logs: 2014-09-09 08:39:22,417 DEBUG [c.c.a.ApiServlet] (catalina-exec-7:ctx-d2a3ffdc) ===START=== 10.216.50.29 -- GET command=listAccounts&response=json&sessionkey=XkWSjL0e3Xe3ckgR5jW2CsSYOeA%3D&listAll=true&page=1&pagesize=20&_=1410290672605 2014-09-09 08:39:22,832 ERROR [c.c.a.ApiServer] (catalina-exec-7:ctx-d2a3ffdc ctx-9db713ee) unhandled exception executing api command: [Ljava.lang.String;@1a1bdce4 java.lang.NullPointerException at com.cloud.api.query.dao.AccountJoinDaoImpl.setResourceLimits(AccountJoinDaoImpl.java:144) at com.cloud.api.query.dao.AccountJoinDaoImpl.newAccountResponse(AccountJoinDaoImpl.java:79) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at com.cloud.utils.db.TransactionContextInterceptor.invoke(TransactionContextInterceptor.java:34) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.sun.proxy.$Proxy111.newAccountResponse(Unknown Source) at com.cloud.api.ApiDBUtils.newAccountResponse(ApiDBUtils.java:1788) at com.cloud.api.query.ViewResponseHelper.createAccountResponse(ViewResponseHelper.java:353) at com.cloud.api.query.QueryManagerImpl.searchForAccounts(QueryManagerImpl.java:1835) at org.apache.cloudstack.api.command.user.account.ListAccountsCmd.execute(ListAccountsCmd.java:93) at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:141) at com.cloud.api.ApiServer.queueCommand(ApiServer.java:694) at com.cloud.api.ApiServer.handleRequest(ApiServer.java:517) at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:273) at com.cloud.api.ApiServlet$1.run(ApiServlet.java:117) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:114) at com.cloud.api.ApiServlet.doGet(ApiServlet.java:76) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.c
[jira] [Updated] (CLOUDSTACK-7514) Automation] - Automate ACL test cases relating to listSnapshots()
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7514: Description: [Automation] - Automate ACL test cases relating to listSnapshots() (was: [Automation] - Automate ACL test cases relating to listVolumes()) > Automation] - Automate ACL test cases relating to listSnapshots() > - > > Key: CLOUDSTACK-7514 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7514 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to listSnapshots() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7514) Automation] - Automate ACL test cases relating to listSnapshots()
Sangeetha Hariharan created CLOUDSTACK-7514: --- Summary: Automation] - Automate ACL test cases relating to listSnapshots() Key: CLOUDSTACK-7514 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7514 Project: CloudStack Issue Type: Task Security Level: Public (Anyone can view this level - this is the default.) Components: marvin Affects Versions: 4.4.0 Reporter: Sangeetha Hariharan [Automation] - Automate ACL test cases relating to listVolumes() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Issue Comment Deleted] (CLOUDSTACK-7391) [Automation] Fix the script "test_host_high_availability.py" - Error Message: "suitablehost should not be None"
[
https://issues.apache.org/jira/browse/CLOUDSTACK-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan updated CLOUDSTACK-7391:
Comment: was deleted
(was: This is an issue with test scripts where listHosts() API call needs to
called with VM id , so that the "suitableformigration" parameter is set to
"true" for hosts.
This is already tracked in https://issues.apache.org/jira/browse/CLOUDSTACK-7391
)
> [Automation] Fix the script "test_host_high_availability.py" - Error Message:
> "suitablehost should not be None"
> ---
>
> Key: CLOUDSTACK-7391
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7391
> Project: CloudStack
> Issue Type: Test
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Automation, Test
>Affects Versions: 4.5.0
>Reporter: Chandan Purushothama
>Assignee: Gaurav Aradhye
> Fix For: 4.5.0
>
>
> ==
> Client Code:
> ==
> def test_03_cant_migrate_vm_to_host_with_ha_positive(self):
> """ Verify you can not migrate VMs to hosts with an ha.tag (positive)
> """
> .
> .
> .
> vm = vms[0]
> self.debug("Deployed VM on host: %s" % vm.hostid)
> #Find out a Suitable host for VM migration
> list_hosts_response = list_hosts(
> self.apiclient, *BUG: Query the list of hosts with vm id. Only
> then the response will have list of suitable and non-suitable hosts. Else
> "suitableforMigration" is not returned in the response*
> )
> self.assertEqual(
> isinstance(list_hosts_response, list),
> True,
> "The listHosts API returned the invalid list"
> )
> self.assertNotEqual(
> len(list_hosts_response),
> 0,
> "The listHosts returned nothing."
> )
> suitableHost = None
> for host in list_hosts_response:
> if host.suitableformigration == True and host.hostid != vm.hostid:
> suitableHost = host
> break
> self.assertTrue(suitableHost is not None, "suitablehost should not be
> None")
> *Error Message: "suitablehost should not be None"*
> {code}
> Cmd : listHosts===
> requests.packages.urllib3.connectionpool: INFO: Starting new HTTP connection
> (1): 10.220.135.39
> requests.packages.urllib3.connectionpool: DEBUG: "GET
> /client/api?apiKey=NpffyWZkfwK7gPcNpx28Ohv6K56ftl57A409SyokqHjJ2ZNe3AvvF3F0teTETeIIqrtlcWpQOooM3cQyPveGXw&command=listHosts&response=json&signature=gh2gh3mSzQNAcfMdspqc9v1JE3U%3D
> HTTP/1.1" 200 3708
> test_03_cant_migrate_vm_to_host_with_ha_positive
> (integration.component.maint.test_host_high_availability.TestHostHighAvailability):
> DEBUG: Response : [{name : u's-2-VM', created : u'2014-08-20T04:31:37+',
> ipaddress : u'10.220.136.107', islocalstorageactive : False, podid :
> u'027c1e45-5867-40f8-8ad9-685b5eb63dd2', resourcestate : u'Enabled', zoneid :
> u'f2acfe0c-c8c8-4353-8f97-a3e0f14d6357', state : u'Up', version :
> u'4.5.0-SNAPSHOT', managementserverid : 231707544610094, podname :
> u'XenRT-Zone-0-Pod-0', id : u'bb004159-d510-42b4-bfd5-878140a11f78',
> lastpinged : u'1970-01-16T22:04:57+', type : u'SecondaryStorageVM',
> events : u'AgentDisconnected; PingTimeout; Remove; ShutdownRequested;
> AgentConnected; HostDown; ManagementServerDown; Ping; StartAgentRebalance',
> zonename : u'XenRT-Zone-0'}, {name : u'v-1-VM', created :
> u'2014-08-20T04:31:37+', ipaddress : u'10.220.136.105',
> islocalstorageactive : False, podid :
> u'027c1e45-5867-40f8-8ad9-685b5eb63dd2', resourcestate : u'Enabled', zoneid :
> u'f2acfe0c-c8c8-4353-8f97-a3e0f14d6357', state : u'Up', version :
> u'4.5.0-SNAPSHOT', managementserverid : 231707544610094, podname :
> u'XenRT-Zone-0-Pod-0', id : u'f328a0d1-f4cb-4486-9550-dd46c403c3ed',
> lastpinged : u'1970-01-16T22:04:57+', type : u'ConsoleProxy', events :
> u'AgentDisconnected; PingTimeout; Remove; ShutdownRequested; AgentConnected;
> HostDown; ManagementServerDown; Ping; StartAgentRebalance', zonename :
> u'XenRT-Zone-0'}, {cpuwithoverprovisioning : u'28800.0', version :
> u'4.5.0-SNAPSHOT', memorytotal : 31073792896, zoneid :
> u'f2acfe0c-c8c8-4353-8f97-a3e0f14d6357', cpunumber : 12, managementserverid :
> 231707544610094, cpuallocated : u'2.08%', memoryused : 4211653, id :
> u'1f5f180e-3eb1-4a6a-92f8-8df71df57962', cpuused : u'0.03%',
> hypervisorversion : u'6.2.0', clusterid :
> u'af55ad36-15c8-424b-916b-db1550aae5ff', capabilities : u'xen-3.0-x86_64 ,
> xen-3.0-x86_32p , hvm-3.0-x86_32 , hvm-3.0-x86_32p , hvm-3.0-x86_64', state :
> u'Up', memoryallocated : 268435456, networkkbswrite : 5383, cpuspeed : 2400,
[jira] [Commented] (CLOUDSTACK-7391) [Automation] Fix the script "test_host_high_availability.py" - Error Message: "suitablehost should not be None"
[
https://issues.apache.org/jira/browse/CLOUDSTACK-7391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14122208#comment-14122208
]
Sangeetha Hariharan commented on CLOUDSTACK-7391:
-
This is an issue with test scripts where listHosts() API call needs to called
with VM id , so that the "suitableformigration" parameter is set to "true" for
hosts.
This is already tracked in https://issues.apache.org/jira/browse/CLOUDSTACK-7391
> [Automation] Fix the script "test_host_high_availability.py" - Error Message:
> "suitablehost should not be None"
> ---
>
> Key: CLOUDSTACK-7391
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7391
> Project: CloudStack
> Issue Type: Test
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Automation, Test
>Affects Versions: 4.5.0
>Reporter: Chandan Purushothama
>Assignee: Gaurav Aradhye
> Fix For: 4.5.0
>
>
> ==
> Client Code:
> ==
> def test_03_cant_migrate_vm_to_host_with_ha_positive(self):
> """ Verify you can not migrate VMs to hosts with an ha.tag (positive)
> """
> .
> .
> .
> vm = vms[0]
> self.debug("Deployed VM on host: %s" % vm.hostid)
> #Find out a Suitable host for VM migration
> list_hosts_response = list_hosts(
> self.apiclient, *BUG: Query the list of hosts with vm id. Only
> then the response will have list of suitable and non-suitable hosts. Else
> "suitableforMigration" is not returned in the response*
> )
> self.assertEqual(
> isinstance(list_hosts_response, list),
> True,
> "The listHosts API returned the invalid list"
> )
> self.assertNotEqual(
> len(list_hosts_response),
> 0,
> "The listHosts returned nothing."
> )
> suitableHost = None
> for host in list_hosts_response:
> if host.suitableformigration == True and host.hostid != vm.hostid:
> suitableHost = host
> break
> self.assertTrue(suitableHost is not None, "suitablehost should not be
> None")
> *Error Message: "suitablehost should not be None"*
> {code}
> Cmd : listHosts===
> requests.packages.urllib3.connectionpool: INFO: Starting new HTTP connection
> (1): 10.220.135.39
> requests.packages.urllib3.connectionpool: DEBUG: "GET
> /client/api?apiKey=NpffyWZkfwK7gPcNpx28Ohv6K56ftl57A409SyokqHjJ2ZNe3AvvF3F0teTETeIIqrtlcWpQOooM3cQyPveGXw&command=listHosts&response=json&signature=gh2gh3mSzQNAcfMdspqc9v1JE3U%3D
> HTTP/1.1" 200 3708
> test_03_cant_migrate_vm_to_host_with_ha_positive
> (integration.component.maint.test_host_high_availability.TestHostHighAvailability):
> DEBUG: Response : [{name : u's-2-VM', created : u'2014-08-20T04:31:37+',
> ipaddress : u'10.220.136.107', islocalstorageactive : False, podid :
> u'027c1e45-5867-40f8-8ad9-685b5eb63dd2', resourcestate : u'Enabled', zoneid :
> u'f2acfe0c-c8c8-4353-8f97-a3e0f14d6357', state : u'Up', version :
> u'4.5.0-SNAPSHOT', managementserverid : 231707544610094, podname :
> u'XenRT-Zone-0-Pod-0', id : u'bb004159-d510-42b4-bfd5-878140a11f78',
> lastpinged : u'1970-01-16T22:04:57+', type : u'SecondaryStorageVM',
> events : u'AgentDisconnected; PingTimeout; Remove; ShutdownRequested;
> AgentConnected; HostDown; ManagementServerDown; Ping; StartAgentRebalance',
> zonename : u'XenRT-Zone-0'}, {name : u'v-1-VM', created :
> u'2014-08-20T04:31:37+', ipaddress : u'10.220.136.105',
> islocalstorageactive : False, podid :
> u'027c1e45-5867-40f8-8ad9-685b5eb63dd2', resourcestate : u'Enabled', zoneid :
> u'f2acfe0c-c8c8-4353-8f97-a3e0f14d6357', state : u'Up', version :
> u'4.5.0-SNAPSHOT', managementserverid : 231707544610094, podname :
> u'XenRT-Zone-0-Pod-0', id : u'f328a0d1-f4cb-4486-9550-dd46c403c3ed',
> lastpinged : u'1970-01-16T22:04:57+', type : u'ConsoleProxy', events :
> u'AgentDisconnected; PingTimeout; Remove; ShutdownRequested; AgentConnected;
> HostDown; ManagementServerDown; Ping; StartAgentRebalance', zonename :
> u'XenRT-Zone-0'}, {cpuwithoverprovisioning : u'28800.0', version :
> u'4.5.0-SNAPSHOT', memorytotal : 31073792896, zoneid :
> u'f2acfe0c-c8c8-4353-8f97-a3e0f14d6357', cpunumber : 12, managementserverid :
> 231707544610094, cpuallocated : u'2.08%', memoryused : 4211653, id :
> u'1f5f180e-3eb1-4a6a-92f8-8df71df57962', cpuused : u'0.03%',
> hypervisorversion : u'6.2.0', clusterid :
> u'af55ad36-15c8-424b-916b-db1550aae5ff', capabilities : u'xen-3.0-x86_64 ,
> xen-3.0-x86_32p , hvm-3.0-x86_32 , hvm-3.0-x86_32p , hvm-3.0-x86_64', state :
> u'Up', memoryallocated : 268435456, networkkbswrite
[jira] [Updated] (CLOUDSTACK-7492) [Automation] - Automate ACL test cases relating to listVolumes()
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7492: Summary: [Automation] - Automate ACL test cases relating to listVolumes() (was: [Automation] - Automate ACL test cases relating to listVolume()) > [Automation] - Automate ACL test cases relating to listVolumes() > > > Key: CLOUDSTACK-7492 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7492 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to listVolumes() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7492) [Automation] - Automate ACL test cases relating to listVolume()
Sangeetha Hariharan created CLOUDSTACK-7492: --- Summary: [Automation] - Automate ACL test cases relating to listVolume() Key: CLOUDSTACK-7492 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7492 Project: CloudStack Issue Type: Task Security Level: Public (Anyone can view this level - this is the default.) Components: marvin Affects Versions: 4.4.0 Reporter: Sangeetha Hariharan [Automation] - Automate ACL test cases relating to listVirtualMachines() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CLOUDSTACK-7492) [Automation] - Automate ACL test cases relating to listVolume()
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-7492: Description: [Automation] - Automate ACL test cases relating to listVolumes() (was: [Automation] - Automate ACL test cases relating to listVirtualMachines()) > [Automation] - Automate ACL test cases relating to listVolume() > --- > > Key: CLOUDSTACK-7492 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7492 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to listVolumes() -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CLOUDSTACK-7471) Regular user is allowed to deleteNetwork/RestartNetwork that does not belong to him.He is also able to deploy Vm for other users.
Sangeetha Hariharan created CLOUDSTACK-7471:
---
Summary: Regular user is allowed to deleteNetwork/RestartNetwork
that does not belong to him.He is also able to deploy Vm for other users.
Key: CLOUDSTACK-7471
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7471
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Affects Versions: 4.5.0
Environment: build from master
Reporter: Sangeetha Hariharan
Assignee: Min Chen
Scenario 1 :
Regular user is allowed to delete networks that belong to other users
Create a regular user - d1-a in Domain - d1.
Create another regular user - d1-b in Domain - d1.
As user d1-a , create a network.
As user d1-b , delete network that belongs to d1-a.
We expect this to not succeed.
But we are allowed to do this.
Snippet from apilog indicating AccountId- 92 is attempting the restart network.
2014-08-29 06:59:57,912 INFO [a.c.c.a.ApiServer] (catalina-exec-23:ctx-05f928b8
ctx-c081eb69) (userId=92 accountId=92 sessionId=DC
A599AA77169CA107BA0AADA19667F7) 10.215.3.6 – GET
command=deleteNetwork&id=2f2cc737-ba0f-4806-a81b-92a5749cfe7b&response=json&sessi
onkey=NHvM0k5Rg%2FQspJg2g0YnQP%2Fhq34%3D 200 { "deletenetworkresponse" :
{"jobid":"05daf212-1aa7-4885-b133-2645a6ceb7df"}
}
Snippet from DB indicating that the owner of network is account_id=89 .
mysql> select account_id,domain_id from networks where
uuid="2f2cc737-ba0f-4806-a81b-92a5749cfe7b";
-+
account_id domain_id
-+
89 37
-+
1 row in set (0.00 sec)
Snippet from management server logs indicating success:
2014-08-29 06:59:57,911 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl]
(catalina-exec-23:ctx-05f928b8 ctx-c081eb69) submit async job-995,
details: AsyncJobVO {id:995, userId: 92, accountId: 92, instanceType: None,
instanceId: null, cmd: org.apache.cloudstack.api.comman
d.user.network.DeleteNetworkCmd, cmdInfo:
{"response":"json","id":"2f2cc737-ba0f-4806-a81b-92a5749cfe7b","sessionkey":"NHvM0k5Rg/Qs
pJg2g0YnQP/hq34\u003d","ctxDetails":"
{\"com.cloud.network.Network\":\"2f2cc737-ba0f-4806-a81b-92a5749cfe7b\"}
","cmdEventType":"NETW
ORK.DELETE","ctxUserId":"92","httpmethod":"GET","uuid":"2f2cc737-ba0f-4806-a81b-92a5749cfe7b","ctxAccountId":"92","ctxStartEventId"
:"3020"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0,
result: null, initMsid: 82324189320212, completeMsid
: null, lastUpdated: null, lastPolled: null, created: null}
2014-08-29 06:59:57,912 DEBUG [c.c.a.ApiServlet] (catalina-exec-23:ctx-05f928b8
ctx-c081eb69) ===END=== 10.215.3.6 – GET command
=deleteNetwork&id=2f2cc737-ba0f-4806-a81b-92a5749cfe7b&response=json&sessionkey=NHvM0k5Rg%2FQspJg2g0YnQP%2Fhq34%3D
2014-08-29 06:59:57,934 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Network is al
ready shutdown: Ntwk[390|Guest|8]
2014-08-29 06:59:57,937 DEBUG [c.c.n.r.RulesManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Releasing 0 port f
orwarding rules for network id=390
2014-08-29 06:59:57,938 DEBUG [c.c.n.r.RulesManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Releasing 0 static
nat rules for network id=390
2014-08-29 06:59:57,939 DEBUG [c.c.n.r.RulesManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) There are no port
forwarding rules to apply for network id=390
2014-08-29 06:59:57,940 DEBUG [c.c.n.r.RulesManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) There are no stati
c nat rules to apply for network id=390
2014-08-29 06:59:57,941 DEBUG [c.c.n.r.RulesManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Successfully relea
sed rules for network id=390 and # of rules now = 0
2014-08-29 06:59:57,941 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Successfully
cleaned up portForwarding/staticNat rules for network id=390
2014-08-29 06:59:57,942 DEBUG [c.c.n.l.LoadBalancingRulesManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Found
0 lb rules to cleanup
2014-08-29 06:59:57,942 DEBUG [o.a.c.e.o.NetworkOrchestrator]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Successfully
cleaned up load balancing rules for network id=390
2014-08-29 06:59:57,949 DEBUG [c.c.n.f.FirewallManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Releasing 0 firewall
rules for network id=390
2014-08-29 06:59:57,950 DEBUG [c.c.n.f.FirewallManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) There are no firewall
rules to apply
2014-08-29 06:59:57,950 DEBUG [c.c.n.f.FirewallManagerImpl]
(API-Job-Executor-40:ctx-71036d41 job-995 ctx-502dafa1) Successfully released
firewall rules for network id
[jira] [Created] (CLOUDSTACK-7035) [Automation] - Automate ACL test cases relating to listNetworks() for isolated and shared networks.
Sangeetha Hariharan created CLOUDSTACK-7035: --- Summary: [Automation] - Automate ACL test cases relating to listNetworks() for isolated and shared networks. Key: CLOUDSTACK-7035 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7035 Project: CloudStack Issue Type: Task Security Level: Public (Anyone can view this level - this is the default.) Components: marvin Affects Versions: 4.4.0 Reporter: Sangeetha Hariharan [Automation] - Automate ACL test cases relating to listNetworks() for isolated and shared networks -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-7034) [Automation] - Automate ACL test cases relating to listVirtualMachines()
Sangeetha Hariharan created CLOUDSTACK-7034: --- Summary: [Automation] - Automate ACL test cases relating to listVirtualMachines() Key: CLOUDSTACK-7034 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7034 Project: CloudStack Issue Type: Task Security Level: Public (Anyone can view this level - this is the default.) Components: marvin Affects Versions: 4.4.0 Reporter: Sangeetha Hariharan [Automation] - Automate ACL test cases relating to listVirtualMachines() -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Assigned] (CLOUDSTACK-7033) [Automation] - Automate ACL test cases relating to isolate Network for deleteNetwork() api..
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan reassigned CLOUDSTACK-7033: --- Assignee: Sangeetha Hariharan > [Automation] - Automate ACL test cases relating to isolate Network for > deleteNetwork() api.. > > > Key: CLOUDSTACK-7033 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7033 > Project: CloudStack > Issue Type: Task > Security Level: Public(Anyone can view this level - this is the > default.) > Components: marvin >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan >Assignee: Sangeetha Hariharan > > [Automation] - Automate ACL test cases relating to isolate Network for > deleteNetwork() api -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-7033) [Automation] - Automate ACL test cases relating to isolate Network for deleteNetwork() api..
Sangeetha Hariharan created CLOUDSTACK-7033: --- Summary: [Automation] - Automate ACL test cases relating to isolate Network for deleteNetwork() api.. Key: CLOUDSTACK-7033 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7033 Project: CloudStack Issue Type: Task Security Level: Public (Anyone can view this level - this is the default.) Components: marvin Affects Versions: 4.4.0 Reporter: Sangeetha Hariharan [Automation] - Automate ACL test cases relating to isolate Network for deleteNetwork() api -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Resolved] (CLOUDSTACK-7002) [Automation] - Automate ACL test cases relating to isolate Network for createNetwork(), restartNetwork() and deploying Vms in a isolated network.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan resolved CLOUDSTACK-7002. - Resolution: Fixed Automated 33 test cases relating to access checks for createNetwork(), deploying VM in an isolated network and restarNetwork. Author: Sangeetha Date: Thu Jun 26 13:40:53 2014 -0700 This test suite contains test cases relating to access checks for createNetwork(), deploying VM in an isolated.. commit 9c2e6f5ed45522ff68131556028f3fb4ff91ee90 Review for this patch is tracked in https://reviews.apache.org/r/22709/ Test results: # Validate that Admin should be able to create network for himslef ... === TestName: test_01_createNetwork_admin | Status : SUCCESS === ok # Validate that Admin should be able to create network for users in his domain ... === TestName: test_02_createNetwork_admin_foruserinsamedomain | Status : SUCCESS === ok # Validate that Admin should be able to create network for users in his sub domain ... === TestName: test_03_createNetwork_admin_foruserinotherdomain | Status : SUCCESS === ok # Validate that Domain admin should be able to create network for himslef ... === TestName: test_04_createNetwork_domaindmin | Status : SUCCESS === ok # Validate that Domain admin should be able to create network for users in his domain ... === TestName: test_05_createNetwork_domaindmin_foruserinsamedomain | Status : SUCCESS === ok # Validate that Domain admin should be able to create network for users in his sub domain ... === TestName: test_06_createNetwork_domaindmin_foruserinsubdomain | Status : SUCCESS === ok # Validate that Domain admin should not be able to create network for users in his sub domain ... === TestName: test_07_createNetwork_domaindmin_forcrossdomainuser | Status : SUCCESS === ok # Validate that Regular should be able to create network for himslef ... === TestName: test_08_createNetwork_user | Status : SUCCESS === ok # Validate that Regular user should NOT be able to create network for users in his domain ... === TestName: test_09_createNetwork_user_foruserinsamedomain | Status : SUCCESS === ok # Validate that Domain admin should be NOT be able to create network for users in other domains ... === TestName: test_10_createNetwork_user_foruserinotherdomain | Status : SUCCESS === ok # Validate that Admin should be able to deploy VM in the networks he owns ... === TestName: test_11_deployvm_admin | Status : SUCCESS === ok # Validate that Admin should be able to deploy Vm for users in his domain ... === TestName: test_12_deployvm_admin_foruserinsamedomain | Status : SUCCESS === ok # Validate that Admin should not be able deploy VM for a user in a network that does not belong to the user ... === TestName: test_13_1_deployvm_admin_foruserinotherdomain_crossnetwork | Status : SUCCESS === ok # Validate that Domain admin should be able to deploy vm for himslef ... === TestName: test_14_deployvm_domaindmin | Status : SUCCESS === ok # Validate that Domain admin should be able to deploy vm for users in his domain ... === TestName: test_15_deployvm_domaindmin_foruserinsamedomain | Status : SUCCESS === ok # Validate that Domain admin should be able to deploy vm for users in his sub domain ... === TestName: test_16_deployvm_domaindmin_foruserinsubdomain | Status : SUCCESS === ok # Validate that Domain admin should not be able deploy VM for a user in a network that does not belong to the user ... === TestName: test_17_1_deployvm_domainadmin_foruserinotherdomain_crossnetwork | Status : SUCCESS === ok # Validate that Domain admin should not be able allowed to deploy vm for users not in his sub domain ... === TestName: test_17_deployvm_domaindmin_forcrossdomainuser | Status : SUCCESS === ok # Validate that Regular should be able to deploy vm for himslef ... === TestName: test_18_deployvm_user | Status : SUCCESS === ok # Validate that Regular user should NOT be able to deploy vm for users in his domain ... === TestName: test_19_deployvm_user_foruserinsamedomain | Status : SUCCESS === ok #Validate that User should not be able deploy VM in a network that does not belong to him ... === TestName: test_20_1_deployvm_user_incrossnetwork | Status : SUCCESS === ok # Validate that Regular user should NOT be able to deploy vm for users in his domain ... === TestName: test_20_deployvm_user_foruserincrossdomain | Status : SUCCESS === ok #Validate that Admin should be able to restart network for networks he owns ... === TestName: test_21_restartNetwork_admin | Status : SUCCESS === ok # Validate that Admin should be able to restart network for users in his domain ... === TestName: test_22_restartNetwork_admin_foruserinsamedomain | Status : SUCCESS === ok # Validate that Admin should be able to restart network for users in his sub domain ... === TestName: test_23_restartNetwork_admin_foruserinotherdomain | Status : SUCCES
[jira] [Created] (CLOUDSTACK-7002) [Automation] - Automate ACL test cases relating to isolate Network for createNetwork(), restartNetwork() and deploying Vms in a isolated network.
Sangeetha Hariharan created CLOUDSTACK-7002: --- Summary: [Automation] - Automate ACL test cases relating to isolate Network for createNetwork(), restartNetwork() and deploying Vms in a isolated network. Key: CLOUDSTACK-7002 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7002 Project: CloudStack Issue Type: Task Security Level: Public (Anyone can view this level - this is the default.) Components: Automation Affects Versions: 4.4.0 Reporter: Sangeetha Hariharan Assignee: Sangeetha Hariharan Fix For: 4.4.0 [Automation] - Automate ACL test cases relating to isolate Network for createNetwork(), restartNetwork() and deploying Vms in a isolated network. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6974) IAM-Root Admin - When listNetwork is used with listall=false (or no listall passed), all isoalted networks belonging to other users is listed.
Sangeetha Hariharan created CLOUDSTACK-6974:
---
Summary: IAM-Root Admin - When listNetwork is used with
listall=false (or no listall passed), all isoalted networks belonging to other
users is listed.
Key: CLOUDSTACK-6974
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6974
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Affects Versions: 4.4.0
Environment: Build from 4.4-forward
Reporter: Sangeetha Hariharan
Root Admin - When listNetwork is used with listall=false (or no listall passed)
and isrecursive=true , all networks in the system are returned.
Steps to reproduce the problem:
Create multiple domains with few user and domain accounts in them.
Create isolated networks as each of these accounts.
Create an admin user under ROOT.
As this admin user, deploy a VM.
Use listNetwork with listall=false (or no listall passed) and isrecursive=true
to retrieve all the networks owned by this admin.
This results in all the networks in the system being returned.
Following is the API call that was made , that resulted in 15 networks being
fetched when it should have fetched only 1 isolated network and 1
shared network.
http://10.223.49.6:8080/client/api?apiKey=PB2CyeaqN0vfTodPzXV52OdE9YZLC8K-BrdLiEijWmq85nuAEfXVoAPxbzW0J5BgFAT-f5lnwDEgeOfp_boJAg&isrecursive=true&response=json&listall=false&command=listNetworks&signature=l%2FNR4aBSnk7aAEDHhlsAvEXe7Cg%3D
Response: { "listnetworksresponse" : { "count":15 ,"network" : [
{"id":"fb3b563c-5ba2-4f9a-aa65-82996f78f20e","name":"SharedNetwork-Account","displaytext":"SharedNetwork-Account","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.223.1.1","netmask":"255.255.255.0","cidr":"10.223.1.0/24","zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"1bec2c7f-d35d-4d33-a655-d3159be4a6ff","networkofferingname":"DefaultSharedNetworkOfferingWithSGService","networkofferingdisplaytext":"Offering
for Shared Security group enabled
networks","networkofferingconservemode":true,"networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"fb3b563c-5ba2-4f9a-aa65-82996f78f20e","broadcasturi":"vlan://153","dns1":"4.2.2.2","type":"Shared","vlan":"153","acltype":"Account","account":"testD111A-TestNetworkList-RPNQIQ","domainid":"b706ea33-fbf7-4167-a857-16f79f332cf3","domain":"D111-A243U3","service":[
{"name":"UserData"}
,{"name":"Dhcp","capability":[
{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}
]},{" ...
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Updated] (CLOUDSTACK-6973) IAM - listNetworks - When Domain Admin calls listNetwork with listall=false , isolated networks belonging to other users in the domain is also listed.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-6973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan updated CLOUDSTACK-6973:
Summary: IAM - listNetworks - When Domain Admin calls listNetwork with
listall=false , isolated networks belonging to other users in the domain is
also listed. (was: IAM - listNetworks - When Domain Admin calls listNetwork
with listall=false , isolated networks belonging to other users in the domain
is also listed. Edit Comment Assign More Resolve Issue
Close Issue Export)
> IAM - listNetworks - When Domain Admin calls listNetwork with listall=false ,
> isolated networks belonging to other users in the domain is also listed.
> --
>
> Key: CLOUDSTACK-6973
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6973
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
>Affects Versions: 4.4.0
> Environment: Build from 4.4-forward
>Reporter: Sangeetha Hariharan
>
> IAM - listNetworks - When Domain Admin calls listNetwork with listall=false ,
> isolated networks belonging to other users in the domain is also listed.
> Steps to reproduce the problem:
> Domain D1 -> has user d1 (domain admin), d1a and d1b regular users.
> Each user has a isolated network that he owns.
> Calling listNetworks() with no parameters (or listall=false) , results in
> isolated networks owned by other regular users in the domain to be listed.
> As domain admin d1 , when I listed istNetworks() with no parameters (or
> listall=false) , i see the isolated networks owned by d1a and d1b regular
> users listed:
> -
> idaccount_nameuuidtypedomain_id state removed
> cleanup_needed network_domain default_zone_id default
> -
> 1 system 2c320fc2-d1eb-11e3-907f-4adf980f94141 1 enabled
> NULL0 NULLNULL1
> 2 admin 2c324dfc-d1eb-11e3-907f-4adf980f94141 1 enabled
> NULL0 NULLNULL1
> 3 testD1-TestNetworkList-0SNBP5 53144728-76db-427a-ab96-5a6901e31a5e
> 2 2 enabled NULL0 NULLNULL0
> 4 testD1A-TestNetworkList-0Y3W33 196cc54c-4f4f-4bff-91ee-e084395eb388
> 0 2 enabled NULL0 NULLNULL0
> 5 testD1B-TestNetworkList-KOGK49 52d34195-f6be-482d-b8cb-effaf9d3bcc4
> 0 2 enabled NULL0 NULLNULL0
> List call response:
> 2014-05-02 07:38:19,152 INFO [a.c.c.a.ApiServer]
> (catalina-exec-10:ctx-4d9ac3c7 ctx-d8785a9c ctx-aa28872f) (userId=3
> accountId=3 ses
> sionId=null) 10.223.56.66 – GET
> apiKey=ASspPltVyUxiuOKQLuyfJnsS_zezNXRjZPfZsdjAXpJMUnu7r75Zn9dqk7p_eL1PrATjDbDanUN3uGsGbsCcwg&respon
> se=json&listall=false&command=listNetworks&signature=s9FYHRWmLi2E7LeQDhXcyi%2Fu0J0%3D
> 200 { "listnetworksresponse" : { "count":5 ,"ne
> twork" : [
> {"id":"53a9ddfa-ab63-4f87-bdd0-e368e7fd11ca","name":"testD1B-TestNetworkList-KOGK49-network","displaytext":"testD1B-TestN
> etworkList-KOGK49-network","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.1.1","netmask":"255.255.255.0","cidr":"
> 10.1.1.0/24","zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"fc25eb7b-d884-4cc3-acbb-a321817a3
> 567","networkofferingname":"DefaultIsolatedNetworkOfferingWithSourceNatService","networkofferingdisplaytext":"Offering
> for Isolated n
> etworks with Source Nat service
> enabled","networkofferingconservemode":true,"networkofferingavailability":"Required","issystem":false
> ,"state":"Implemented","related":"53a9ddfa-ab63-4f87-bdd0-e368e7fd11ca","dns1":"4.2.2.2","type":"Isolated","acltype":"Account","accou
> nt":"testD1B-TestNetworkList-KOGK49","domainid":"3abd56e8-97da-40f9-b6f5-33fd5b28b43e","domain":"D1-R549ZO","service":[
> {"name":"PortF orwarding"}
> ,
> {"name":"UserData"}
> ,{"name":"Firewall","capability":[
> {"name":"MultipleIps","value":"true","canchooseservicecapability":fa lse}
> ,
> {"name":"SupportedEgressProtocols","value":"tcp,udp,icmp,
> all","canchooseservicecapability":false}
> ,
> {"name":"SupportedProtocols",
> "value":"tcp,udp,icmp","canchooseservicecapability":false}
> ,
> {"name":"SupportedTrafficDirection","value":"ingress, egress","canchoosese
[jira] [Created] (CLOUDSTACK-6973) IAM - listNetworks - When Domain Admin calls listNetwork with listall=false , isolated networks belonging to other users in the domain is also listed. Edit
Sangeetha Hariharan created CLOUDSTACK-6973:
---
Summary: IAM - listNetworks - When Domain Admin calls listNetwork
with listall=false , isolated networks belonging to other users in the domain
is also listed. Edit Comment Assign More Resolve Issue
Close Issue Export
Key: CLOUDSTACK-6973
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6973
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Affects Versions: 4.4.0
Environment: Build from 4.4-forward
Reporter: Sangeetha Hariharan
IAM - listNetworks - When Domain Admin calls listNetwork with listall=false ,
isolated networks belonging to other users in the domain is also listed.
Steps to reproduce the problem:
Domain D1 -> has user d1 (domain admin), d1a and d1b regular users.
Each user has a isolated network that he owns.
Calling listNetworks() with no parameters (or listall=false) , results in
isolated networks owned by other regular users in the domain to be listed.
As domain admin d1 , when I listed istNetworks() with no parameters (or
listall=false) , i see the isolated networks owned by d1a and d1b regular users
listed:
-
id account_nameuuidtypedomain_id state removed
cleanup_needed network_domain default_zone_id default
-
1 system 2c320fc2-d1eb-11e3-907f-4adf980f94141 1 enabled
NULL0 NULLNULL1
2 admin 2c324dfc-d1eb-11e3-907f-4adf980f94141 1 enabled
NULL0 NULLNULL1
3 testD1-TestNetworkList-0SNBP5 53144728-76db-427a-ab96-5a6901e31a5e
2 2 enabled NULL0 NULLNULL0
4 testD1A-TestNetworkList-0Y3W33 196cc54c-4f4f-4bff-91ee-e084395eb388
0 2 enabled NULL0 NULLNULL0
5 testD1B-TestNetworkList-KOGK49 52d34195-f6be-482d-b8cb-effaf9d3bcc4
0 2 enabled NULL0 NULLNULL0
List call response:
2014-05-02 07:38:19,152 INFO [a.c.c.a.ApiServer] (catalina-exec-10:ctx-4d9ac3c7
ctx-d8785a9c ctx-aa28872f) (userId=3 accountId=3 ses
sionId=null) 10.223.56.66 – GET
apiKey=ASspPltVyUxiuOKQLuyfJnsS_zezNXRjZPfZsdjAXpJMUnu7r75Zn9dqk7p_eL1PrATjDbDanUN3uGsGbsCcwg&respon
se=json&listall=false&command=listNetworks&signature=s9FYHRWmLi2E7LeQDhXcyi%2Fu0J0%3D
200 { "listnetworksresponse" : { "count":5 ,"ne
twork" : [
{"id":"53a9ddfa-ab63-4f87-bdd0-e368e7fd11ca","name":"testD1B-TestNetworkList-KOGK49-network","displaytext":"testD1B-TestN
etworkList-KOGK49-network","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.1.1","netmask":"255.255.255.0","cidr":"
10.1.1.0/24","zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"fc25eb7b-d884-4cc3-acbb-a321817a3
567","networkofferingname":"DefaultIsolatedNetworkOfferingWithSourceNatService","networkofferingdisplaytext":"Offering
for Isolated n
etworks with Source Nat service
enabled","networkofferingconservemode":true,"networkofferingavailability":"Required","issystem":false
,"state":"Implemented","related":"53a9ddfa-ab63-4f87-bdd0-e368e7fd11ca","dns1":"4.2.2.2","type":"Isolated","acltype":"Account","accou
nt":"testD1B-TestNetworkList-KOGK49","domainid":"3abd56e8-97da-40f9-b6f5-33fd5b28b43e","domain":"D1-R549ZO","service":[
{"name":"PortF orwarding"}
,
{"name":"UserData"}
,{"name":"Firewall","capability":[
{"name":"MultipleIps","value":"true","canchooseservicecapability":fa lse}
,
{"name":"SupportedEgressProtocols","value":"tcp,udp,icmp,
all","canchooseservicecapability":false}
,
{"name":"SupportedProtocols",
"value":"tcp,udp,icmp","canchooseservicecapability":false}
,
{"name":"SupportedTrafficDirection","value":"ingress, egress","canchoosese
rvicecapability":false}
,
{"name":"TrafficStatistics","value":"per public
ip","canchooseservicecapability":false}
]},{"name":"Lb","capab
ility":[{"name":"AutoScaleCounters","value":"[
{\"methodname\":\"cpu\",\"paramlist\":[]}
,
{\"methodname\":\"memory\",\"paramlist\":[]}
]
","canchooseservicecapability":false},
{"name":"SupportedLBIsolation","value":"dedicated","canchooseservicecapability":false}
,
{"name":
"SupportedLbAlgorithms","value":"roundrobin,leastconn,source","canchooseservicecapability":false}
,
{"name":"LbSchemes","value":"Public ","canchooseservicecapability":false}
,
{"name":"SupportedProtocols","value":"tcp,
udp","canchooseservicecapability":false}
,{"name"
[jira] [Created] (CLOUDSTACK-6939) IAM - DomainAdmin - Not able to listNetwork belonging to a subdomain by passing uuid.
Sangeetha Hariharan created CLOUDSTACK-6939:
---
Summary: IAM - DomainAdmin - Not able to listNetwork belonging to
a subdomain by passing uuid.
Key: CLOUDSTACK-6939
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6939
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Affects Versions: 4.4.0
Environment: Build from 4.4-forward
Reporter: Sangeetha Hariharan
IAM - DomainAdmin - Not able to listNetwork belonging to a subdomain by passing
uuid.
Steps to reproduce the problem:
Create a domain D1 with domain admin user - d1
Create a subdomain D1/D11 with regular user - d11a.
As d11a user , create an isolated network.
As domain admin d1 , use listNetworks() command to list network of d11a by
passing id paramater.
listNetwork() returns empty list.
When i pass listall=true parameter along with uuid parameter , then I am able
to get the list.
When empty result is returned:
2014-05-02 14:40:54,273 INFO [a.c.c.a.ApiServer] (catalina-exec-19:ctx-7b012c50
ctx-d447137f) (userId=14 acc
ountId=14 sessionId=0662CF854C84368E87A0D1E1283323A4) 10.215.2.8 – GET
command=listNetworks&id=323c350f-8345
-493e-bc50-5b9592fe4ab3&response=json&sessionkey=B2T%2FRltf8yQnVVqLXpbocOU4HyE%3D&_=1399080286519
200 { "list
networksresponse" : { } }
with listall=true parameter , network is being listed:
2014-05-02 14:41:08,454 INFO [a.c.c.a.ApiServer] (catalina-exec-8:ctx-4cccd2f8
ctx-c091216f) (userId=14 acco
untId=14 sessionId=0662CF854C84368E87A0D1E1283323A4) 10.215.2.8 – GET
command=listNetworks&id=323c350f-8345-
493e-bc50-5b9592fe4ab3&response=json&sessionkey=B2T%2FRltf8yQnVVqLXpbocOU4HyE%3D&_=1399080286519&listall=true
200 { "listnetworksresponse" : { "count":1 ,"network" : [
{"id":"323c350f-8345-493e-bc50-5b9592fe4ab3","nam
e":"testD11-TestNetworkList-OPXQKG-network","displaytext":"testD11-TestNetworkList-OPXQKG-network","broadcast
domaintype":"Vlan","traffictype":"Guest","gateway":"10.1.1.1","netmask":"255.255.255.0","cidr":"10.1.1.0/24",
"zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"fc25eb7b-d884-4cc3-acb
b-a321817a3567","networkofferingname":"DefaultIsolatedNetworkOfferingWithSourceNatService","networkofferingdi
splaytext":"Offering for Isolated networks with Source Nat service
enabled","networkofferingconservemode":tru
e,"networkofferingavailability":"Required","issystem":false,"state":"Implemented","related":"323c350f-8345-49
3e-bc50-5b9592fe4ab3","dns1":"4.2.2.2","type":"Isolated","acltype":"Account","account":"testD11-TestNetworkLi
st-OPXQKG","domainid":"63282e89-0798-456b-9f1d-a234af5fb046","domain":"D11-BVD36X","service":[
{"name":"PortFo rwarding"}
,
{"name":"UserData"}
,{"name":"Firewall","capability":[
{"name":"MultipleIps","value":"true","canchoo seservicecapability":false}
,
{"name":"SupportedEgressProtocols","value":"tcp,udp,icmp,
all","canchooseservicec apability":false}
,
{"name":"SupportedProtocols","value":"tcp,udp,icmp","canchooseservicecapability":false}
,
{"name":"SupportedTrafficDirection","value":"ingress,
egress","canchooseservicecapability":false}
,
{"name":"TrafficStatistics","value":"per public
ip","canchooseservicecapability":false}
]},{"name":"Lb","capability":[{"name":"AutoScaleCounters","value":"[
{\"methodname\":\"cpu\",\"paramlist\":[]}
,
{\"methodname\":\"memory\",\"paramlist\":[]}
]","canchooseservicecapability":false},
{"name":"SupportedLBIsolation","value":"dedicated","canchooseservicecapability":false}
,
{"name":"SupportedLbAlgorithms","value":"roundrobin,leastconn,source","canchooseservicecapability":false}
,
{"name":"LbSchemes","value":"Public","canchooseservicecapability":false}
,
{"name":"SupportedProtocols","value":"tcp,
udp","canchooseservicecapability":false}
,{"name":"SupportedStickinessMethods","value":"[{\"methodname\":\"LbCookie\",\"paramlist\":[
{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
\"}
,
{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
\"}
,
{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"description\":\"
\"}
,
{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"description\":\"
\"}
,
{\"paramname\":\"postonly\",\"required\":false,\"isflag\":true,\"description\":\"
\"}
,{\"paramname\":\"domain\",\"required\":false,\"isflag\":false,
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Created] (CLOUDSTACK-6937) IAM - ROOT admin - Not able to list network owned by accounts under any domain by passing uuid.
Sangeetha Hariharan created CLOUDSTACK-6937: --- Summary: IAM - ROOT admin - Not able to list network owned by accounts under any domain by passing uuid. Key: CLOUDSTACK-6937 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6937 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.4.0 Environment: Build from 4.4-forward Reporter: Sangeetha Hariharan IAM - ROOT admin - Not able to list network owned by accounts under any domain by passing uuid. Create a domain d1 and deploy a vm as an account under this domain. As ROOT admin , try to listNetwork of this VM by passing uuid of the network. Empyt result is returned. when listall=true is passed along with id parameter , then we are able to list the network. http://10.223.49.6:8080/client/api?command=listNetworks&id=decebcd9-58f9-40b1-b4c4-bc554457f3d7&response=json&sessionkey=WGOtz0CAa5c57Imzm2iY8caUVYg%3D This returns empty list. When passed with listall=true then network is listed: http://10.223.49.6:8080/client/api?command=listNetworks&id=decebcd9-58f9-40b1-b4c4-bc554457f3d7&response=json&sessionkey=WGOtz0CAa5c57Imzm2iY8caUVYg%3D&%20%3E%3E%201010.223.49.6:8080/client/api?command=listNetworks&id=decebcd9-58f9-40b1-b4c4-bc554457f3d7&response=json&sessionkey=WGOtz0CAa5c57Imzm2iY8caUVYg=&listall=true -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (CLOUDSTACK-6429) IAM - As admin , When listAll=false is used to list all Vms under a subdomain , all Vms (even those that are not in this subdmain) are listed.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14030165#comment-14030165 ] Sangeetha Hariharan commented on CLOUDSTACK-6429: - Testing with latest build from 4.4-forward (after IAM revert): As admin , When listAll=false is used to list all Vms under a subdomain , all Vms in the subdomain are only listed. Closing this issue. > IAM - As admin , When listAll=false is used to list all Vms under a subdomain > , all Vms (even those that are not in this subdmain) are listed. > -- > > Key: CLOUDSTACK-6429 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6429 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Assignee: Min Chen >Priority: Critical > Fix For: 4.4.0 > > > IAM - As admin , When listAll=false is used to list all Vms under a subdomain > , all Vms (even those that are not in this subdmain) are listed. > Steps to reproduce the problem: > Set up: > Pre Reqs: > Admin - Creates object > Domain Admin for d1 - D1 - Creates object - d1 > Domain Admin for d1 - D1/D11 > User account for d1 - D1/D111 - Creates object - d111a > Domain Admin for d1 - D1/D12 > Domain Admin for d2 - D2 - Creates object -d2 > User Account in domain D1 - userD1-1 - Creates object -d1a > User Account in domain D1 - userD1-2 - Creates object - d1b > User Account in domain D1/D11 - userD1-a - Creates object - d11a > User Account in domain D1/D11 - userD1-a - Creates object - d11b > User Account in domain D1/D12- userD1-b - Creates object - d12a > User Account in domain D1/D12 - userD-a - Creates object - d12b > As ROOT admin , tried to list all the Vms for domain - d1/d11 , this results > in all the Vms (even those that are not in this subdmain) being listed. > All the following API calls as Admin when trying to list Vms from domain - > d1/d11 , results in 11 Vms which is all the Vms in the cluouds. > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=1S3PA2HyPP70jnv5FiKSp%2FXfqw4%3D > \n\n > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&isrecursive=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=FtoJ8isO896ZkqLJH5YzVjodFdg%3D > \n\n > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&isrecursive=true&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=4HHrtJo1Cx3yqjdIHUFi43kqZ3E%3D > \n\n > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&isrecursive=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=A6kJuc9XDIp6f9Ha8Bp9Ig3Xigg%3D > \n\n > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&isrecursive=true&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=S04gwOtMs0%2F00CV4I1Q7pbCCC08%3D > \n\n -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6429) IAM - As admin , When listAll=false is used to list all Vms under a subdomain , all Vms (even those that are not in this subdmain) are listed.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6429. --- > IAM - As admin , When listAll=false is used to list all Vms under a subdomain > , all Vms (even those that are not in this subdmain) are listed. > -- > > Key: CLOUDSTACK-6429 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6429 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Assignee: Min Chen >Priority: Critical > Fix For: 4.4.0 > > > IAM - As admin , When listAll=false is used to list all Vms under a subdomain > , all Vms (even those that are not in this subdmain) are listed. > Steps to reproduce the problem: > Set up: > Pre Reqs: > Admin - Creates object > Domain Admin for d1 - D1 - Creates object - d1 > Domain Admin for d1 - D1/D11 > User account for d1 - D1/D111 - Creates object - d111a > Domain Admin for d1 - D1/D12 > Domain Admin for d2 - D2 - Creates object -d2 > User Account in domain D1 - userD1-1 - Creates object -d1a > User Account in domain D1 - userD1-2 - Creates object - d1b > User Account in domain D1/D11 - userD1-a - Creates object - d11a > User Account in domain D1/D11 - userD1-a - Creates object - d11b > User Account in domain D1/D12- userD1-b - Creates object - d12a > User Account in domain D1/D12 - userD-a - Creates object - d12b > As ROOT admin , tried to list all the Vms for domain - d1/d11 , this results > in all the Vms (even those that are not in this subdmain) being listed. > All the following API calls as Admin when trying to list Vms from domain - > d1/d11 , results in 11 Vms which is all the Vms in the cluouds. > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=1S3PA2HyPP70jnv5FiKSp%2FXfqw4%3D > \n\n > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&isrecursive=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=FtoJ8isO896ZkqLJH5YzVjodFdg%3D > \n\n > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&isrecursive=true&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=4HHrtJo1Cx3yqjdIHUFi43kqZ3E%3D > \n\n > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&isrecursive=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=A6kJuc9XDIp6f9Ha8Bp9Ig3Xigg%3D > \n\n > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&isrecursive=true&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=S04gwOtMs0%2F00CV4I1Q7pbCCC08%3D > \n\n -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6381) IAM - DomainAdmin - When listVirtualMachines is used with listall=true (with out passing isrecursive falg) , all Vms from the subdomain are also listed.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6381. --- Tested with latest build from 4.4-forward ( after IAM revert) Only when domainId is passed to list commands , isrecursive() flag is considered. In all other cases , it is defaulted to true. This behavior is as expected. Closing this issue. > IAM - DomainAdmin - When listVirtualMachines is used with listall=true (with > out passing isrecursive falg) , all Vms from the subdomain are also listed. > > > Key: CLOUDSTACK-6381 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6381 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4. >Reporter: Sangeetha Hariharan >Assignee: Min Chen >Priority: Critical > Fix For: 4.4.0 > > > IAM - DomainAdmin - When listVirtualMachines is used with listall=true (with > out passing isrecursive falg) , all Vms from the subdomain are also listed. > Set up: > Pre Reqs: > Admin - Creates object > Domain Admin for d1 - D1 - Creates object - d1 > Domain Admin for d1 - D1/D11 > User account for d1 - D1/D111 - Creates object - d111a > Domain Admin for d1 - D1/D12 > Domain Admin for d2 - D2 - Creates object -d2 > User Account in domain D1 - userD1-1 - Creates object -d1a > User Account in domain D1 - userD1-2 - Creates object - d1b > User Account in domain D1/D11 - userD1-a - Creates object - d11a > User Account in domain D1/D11 - userD1-a - Creates object - d11b > User Account in domain D1/D12- userD1-b - Creates object - d12a > User Account in domain D1/D12 - userD-a - Creates object - d12b > As domain admin - D1 , i tried to listVistualMachines passing listAll=true > parameter (no isrecurssive parameter). > Expected result: > only all the Vms that belong to this domain should be listed , which should > be 3 Vms , d1,d1a and d1b. > But I see 8 Vms being returned , which also includes the Vms in the domain, > d12 and d111. > GET > http://10.223.49.6/client/api?command=listVirtualMachines&listAll=true&apiKey=Hv0VKnmBjXhyRMKZ7ixI51gG-iqHqRVTp1xCCLU2-gTnZwhuUNWsa4zZLYZWWLD5lEhvwe05tJKJVa9NeS5REw&signature=cDqQMD6qlKeiz2g40pSOYqJKqoE%3D > \n\n > cloud-stack-version="4.4.0-SNAPSHOT">822193996-12f9-46ff-91cd-3d409f7f8c60d11ad11atestD11A-TestVMList-3385RP0a0f7c09-2f1a-4939-94ce-88388e197949D11-UFBXGQ2014-04-10T09:01:37-0400Runningfalse75d61334-ff70-49c3-99ed-3af702cd51d7BLR1e65cdfa0-c019-11e3-907f-4adf980f9414CentOS > 5.3(64-bit) no GUI (Simulator)CentOS > 5.3(64-bit) no GUI > (Simulator)false49dee9f8-a49a-414d-b8b2-b0d59b5981f0Small > > Instance110012810%101908485095424e5eba5c4-c019-11e3-907f-4adf980f94140ROOTa1c079e5-ae0f-4470-b0ed-26895fbcf14df1cf7cfb-c354-47c4-854e-af329c54d77etestD11A-TestVMList-3385RP-network255.255.255.010.1.1.110.1.1.217vlan://1071vlan://1071GuestIsolatedtrue02:00:06:7b:00:01Simulatorfalse11660a829f-5265-44c3-aa92-957d8bbec8e2d1ad1btestD1B-TestVMList-CB23CTdc4bf103-27bf-4292-99aa-dc91fa23ee04D1-NN5QWT2014-04-10T09:01:32-0400Runningfalse75d61334-ff70-49c3-99ed-3af702cd51d7BLR1e65cdfa0-c019-11e3-907f-4adf980f9414CentOS > 5.3(64-bit) no GUI (Simulator)CentOS > 5.3(64-bit) no GUI > (Simulator)false49dee9f8-a49a-414d-b8b2-b0d59b5981f0Small > > Instance110012810%101908485095424e5eba5c4-c019-11e3-907f-4adf980f94140ROOTb58c4f55-ed7d-4c1c-922b-6e2aecad642cee8c3501-10e5-4247-b5b4-6e261dde56b1testD1B-TestVMList-CB23CT-network255.255.255.010.1.1.110.1.1.252vlan://1697vlan://1697GuestIsolatedtrue02:00:17:50:00:01Simulatorfalse11daf1dd0f-214c-4ed4-88fa-441c4e150527d12bd12btestD12B-TestVMList-DUV38Z647a2057-2ed7-471f-b2a5-e6fff8a5d2c4D12-ZRH0RP2014-04-10T09:01:59-0400Runningfalse75d61334-ff70-49c3-99ed-3af702cd51d7BLR1e65cdfa0-c019-11e3-907f-4adf980f9414CentOS > 5.3(64-bit) no GUI (Simulator)CentOS > 5.3(64-bit) no GUI > (Simulator)false49dee9f8-a49a-414d-b8b2-b0d59b5981f0Small > > Instance110012810%101908485095424e5eba5c4-c019-11e3-907f-4adf980f94140ROOT5481afa0-aba3-4837-b2cb-647482e435599952cae1-ec5e-4265-b3.. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6468) IAM - Templates - Admin user is not allowed to edit template and set isExtractable() paramater.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-6468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan closed CLOUDSTACK-6468.
---
Tested with latest build from 4.4-forward ( after IAM revert):
Admin is able to set the "isFeatured" flag for templates that are owned by
regular users.
> IAM - Templates - Admin user is not allowed to edit template and set
> isExtractable() paramater.
> ---
>
> Key: CLOUDSTACK-6468
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6468
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: IAM
>Affects Versions: 4.4.0
>Reporter: Sangeetha Hariharan
>Assignee: Min Chen
> Fix For: 4.4.0
>
>
> IAM - Templates - Admin user is not allowed to edit template and set
> isExtractable() paramater.
> From UI , As admin , tried to update the isFeatured() flag to true for a
> template that was created by regular user.
> This fails with "Only ROOT admins are allowed to modify this attribute."
> http://10.223.49.6:8080/client/api?command=updateTemplatePermissions&response=json&sessionkey=1WTLpcX%2FCiA4QLBY3RZTTB0ceaE%3D&id=851cfe02-d91f-4226-b325-b48a09d2a2af&ispublic=false&isfeatured=true&isextractable=true&_=1398114267369
> { "updatetemplatepermissionsresponse" :
> {"uuidList":[],"errorcode":431,"cserrorcode":4350,"errortext":"Only ROOT
> admins are allowed to modify this attribute."} }
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6348) IAM - Regular User is not able to change password.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6348. --- Tested with latest build from 4.4-forward ( after IAM revert) Regular user is able to change his password successfully. > IAM - Regular User is not able to change password. > -- > > Key: CLOUDSTACK-6348 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6348 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 >Reporter: Sangeetha Hariharan >Assignee: Prachi Damle >Priority: Critical > Fix For: 4.4.0 > > > Steps to reproduce the problem: > As regular user , try to change password. > Following error message is presented to the user: > Acct[eb54ae7f-c932-4513-aab6-984f03f9df41-test] does not have permission to > access resource Acct[eb54ae7f-c932-4513-aab6-984f03f9df41-test] > Management server log: > 2014-04-07 10:43:58,185 DEBUG [c.c.a.ApiServlet] > (catalina-exec-4:ctx-3b2e2f03) ===START=== 10.215.3.0 -- POST > command=updateUser&response=json&sessionkey=P7c7ohM5rOC6mJLLima8CXlOAho%3D > 2014-04-07 10:43:58,204 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] > (catalina-exec-4:ctx-3b2e2f03 ctx-8030779f) Account > Acct[eb54ae7f-c932-4513-aab6-984f03f9df41-test] does not have permission to > access resource Acct[eb54ae7f-c932-4513-aab6-984f03f9df41-test] for access > type: OperateEntry > 2014-04-07 10:43:58,211 INFO [c.c.a.ApiServer] (catalina-exec-4:ctx-3b2e2f03 > ctx-8030779f) PermissionDenied: > Acct[eb54ae7f-c932-4513-aab6-984f03f9df41-test] does not have permission to > access resource Acct[eb54ae7f-c932-4513-aab6-984f03f9df41-test] on objs: [] > 2014-04-07 10:43:58,212 DEBUG [c.c.a.ApiServlet] > (catalina-exec-4:ctx-3b2e2f03 ctx-8030779f) ===END=== 10.215.3.0 -- POST > command=updateUser&response=json&sessionkey=P7c7ohM5rOC6mJLLima8CXlOAho%3D -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6349) IAM - No error message presented to the user , when invalid password is provided.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6349. --- Tested with latest build from 4.4-forward ( after IAM revert) When regular user tries to log in with invalid password, following error message is presented to the user: "Invalid username or password" > IAM - No error message presented to the user , when invalid password is > provided. > - > > Key: CLOUDSTACK-6349 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6349 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4. >Reporter: Sangeetha Hariharan >Assignee: Prachi Damle >Priority: Critical > Fix For: 4.4.0 > > > Try to log in as regular user , by providing invalid username/password. > User is not presented with any error message: > apilog.log: > 2014-04-07 10:51:15,849 INFO [a.c.c.a.ApiServer] > (catalina-exec-6:ctx-5511ac44) 10.215.3.0 -- POST command=login domain=/ > unknown exception writing api response > Management server log: > 2014-04-07 10:47:28,001 DEBUG [c.c.a.ApiServlet] > (catalina-exec-3:ctx-845578ba) ===START=== 10.215.3.0 -- POST > 2014-04-07 10:47:28,003 DEBUG [c.c.u.AccountManagerImpl] > (catalina-exec-3:ctx-845578ba) Attempting to log in user: test in domain 1 > 2014-04-07 10:47:28,003 DEBUG [c.c.s.a.SHA256SaltedUserAuthenticator] > (catalina-exec-3:ctx-845578ba) Retrieving user: test > 2014-04-07 10:47:28,005 DEBUG [c.c.s.a.MD5UserAuthenticator] > (catalina-exec-3:ctx-845578ba) Retrieving user: test > 2014-04-07 10:47:28,009 DEBUG [c.c.s.a.MD5UserAuthenticator] > (catalina-exec-3:ctx-845578ba) Password does not match > 2014-04-07 10:47:28,012 DEBUG [c.c.s.a.PlainTextUserAuthenticator] > (catalina-exec-3:ctx-845578ba) Retrieving user: test > 2014-04-07 10:47:28,016 DEBUG [c.c.s.a.PlainTextUserAuthenticator] > (catalina-exec-3:ctx-845578ba) Password does not match > 2014-04-07 10:47:28,016 DEBUG [c.c.u.AccountManagerImpl] > (catalina-exec-3:ctx-845578ba) Unable to authenticate user with username test > in domain 1 > 2014-04-07 10:47:28,019 ERROR [c.c.a.ApiServlet] > (catalina-exec-3:ctx-845578ba) unknown exception writing api response > com.cloud.exception.InvalidParameterValueException: Caller cannot be passed > as NULL to IAM! > at > org.apache.cloudstack.iam.RoleBasedEntityAccessChecker.checkAccess(RoleBasedEntityAccessChecker.java:67) > at > com.cloud.user.AccountManagerImpl.isRootAdmin(AccountManagerImpl.java:371) > at > com.cloud.user.AccountManagerImpl.isInternalAccount(AccountManagerImpl.java:420) > at > com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:2045) > at > com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1871) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:601) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) > at > org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) > at $Proxy99.authenticateUser(Unknown Source) > at com.cloud.api.ApiServer.loginUser(ApiServer.java:850) > at > com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:231) > at com.cloud.api.ApiServlet.access$000(ApiServlet.java:54) > at com.cloud.api.ApiServlet$1.run(ApiServlet.java:118) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) > at com.cloud.api.ApiServlet.processRequest(ApiS
[jira] [Closed] (CLOUDSTACK-6458) IAM - When a domain is deleted , the group created for this domian is not removed.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6458. --- Tested with latest build from 4.4-forward (with IAM revert) This is not an issue any more since we do not create entries in iam_group when domains are being created. mysql> select * from iam_group; ++---+-+--+--++--+-+-+ | id | name | description | uuid | path | account_id | view | removed | created | ++---+-+--+--++--+-+-+ | 1 | NORMAL| Domain user group | 8146808c-f230-11e3-ac31-4adf980f9414 | /| 1 | User | NULL| 2014-06-12 08:53:09 | | 2 | ADMIN | Root admin group| 81468d20-f230-11e3-ac31-4adf980f9414 | /| 1 | User | NULL| 2014-06-12 08:53:09 | | 3 | DOMAIN_ADMIN | Domain admin group | 81469996-f230-11e3-ac31-4adf980f9414 | /| 1 | User | NULL| 2014-06-12 08:53:09 | | 4 | RESOURCE_DOMAIN_ADMIN | Resource domain admin group | 8146a51c-f230-11e3-ac31-4adf980f9414 | /| 1 | User | NULL| 2014-06-12 08:53:09 | | 5 | READ_ONLY_ADMIN | Read only admin group | 8146b11a-f230-11e3-ac31-4adf980f9414 | /| 1 | User | NULL| 2014-06-12 08:53:09 | ++---+-+--+--++--+-+-+ 5 rows in set (0.00 sec) mysql> select * from domain; +++--+--+---+--+---+-++-++++ | id | parent | name | uuid | owner | path | level | child_count | next_child_seq | removed | state | network_domain | type | +++--+--+---+--+---+-++-++++ | 1 | NULL | ROOT | 6cdd2858-f230-11e3-ac31-4adf980f9414 | 2 | / | 0 | 2 | 3 | NULL| Active | NULL | Normal | | 2 | 1 | d1 | a35f9e43-1707-4ea8-b776-e6e4e75b8fff | 2 | /d1/ | 1 | 1 | 2 | NULL| Active | NULL | Normal | | 3 | 1 | d2 | d4af87a3-15bf-46bd-b4ee-4de55dc735b8 | 2 | /d2/ | 1 | 0 | 1 | NULL| Active | NULL | Normal | | 4 | 2 | d11 | 0c61d5a9-59bd-4f61-97ec-6078acd6e231 | 2 | /d1/d11/ | 2 | 0 | 1 | NULL| Active | NULL | Normal | +++--+--+---+--+---+-++-++++ 4 rows in set (0.00 sec) mysql> > IAM - When a domain is deleted , the group created for this domian is not > removed. > -- > > Key: CLOUDSTACK-6458 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6458 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Assignee: Prachi Damle > Fix For: 4.4.0 > > > IAM - When a domain is deleted , the group created for this domian is not > removed. > Steps to reproduce the problem: > Create a domain. > Notice that as part of domain creation , an IAM group specific to this domain > is created. > Delete this domain. > IAM group specific to this domain is not marked as being removed in the > iam_group table. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6474) IAM - Not able to list shared networks that is created with scope="all"
[
https://issues.apache.org/jira/browse/CLOUDSTACK-6474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan closed CLOUDSTACK-6474.
---
Test with latest build from 4.4-forward (after IAM revert)
Regular user is able to list and use (deploy VM) in a shared network that is
created with scope=all.
closing issue.
> IAM - Not able to list shared networks that is created with scope="all"
> ---
>
> Key: CLOUDSTACK-6474
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6474
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: IAM
>Affects Versions: 4.4.0
> Environment: Build from 4.4
>Reporter: Sangeetha Hariharan
>Assignee: Prachi Damle
>Priority: Critical
> Fix For: 4.4.0
>
>
> IAM - Not able to list shared networks that is created with scope="all"
> Steps to reproduce the problem:
> As admin , create a shared network with scope="all".
> As regular user , tried to list networks. No shared network is returned.
> http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=wOwS556QDduN5hRqHf1PU3gPBEw%3D&listAll=true&page=1&pagesize=20&_=1398206302627
> "listnetworksresponse" : { } }
> As admin user , I am able to list this network:
> http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=58UVhAXG49kJHSOENDGphnXDEh4%3D&listAll=true&page=1&pagesize=20&_=1398206454900
> { "listnetworksresponse" : { "count":3 ,"network" : [
> {"id":"65324d0a-5571-4e96-aebe-89d45fbabc72","name":"test-domain","displaytext":"test-domain","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.223.1.1","netmask":"255.255.255.0","cidr":"10.223.1.0/24","zoneid":"75d61334-ff70-49c3-99ed-3af702cd51d7","zonename":"BLR1","networkofferingid":"564de11f-a786-44cf-a729-c4683a12dfe0","networkofferingname":"DefaultSharedNetworkOfferingWithSGService","networkofferingdisplaytext":"Offering
> for Shared Security group enabled
> networks","networkofferingconservemode":true,"networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"65324d0a-5571-4e96-aebe-89d45fbabc72","broadcasturi":"vlan://501","dns1":"4.2.2.2","type":"Shared","vlan":"501","acltype":"Domain","subdomainaccess":false,"domainid":"691ab662-6793-42a0-96e6-3b31a2c4e52d","domain":"D1","service":[{"name":"UserData"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]},{"name":"Dhcp","capability":[{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}]},{"name":"SecurityGroup"}],"networkdomain":"cs1cloud.internal","physicalnetworkid":"3856a5bc-8509-4a7f-a92e-86146cbc6bc1","restartrequired":false,"specifyipranges":true,"canusefordeploy":true,"ispersistent":false,"tags":[],"displaynetwork":true,"strechedl2subnet":false},
>
> {"id":"49146336-bf81-4861-a2bd-5c92efc14cff","name":"test","displaytext":"test","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.223.1.1","netmask":"255.255.255.0","cidr":"10.223.1.0/24","zoneid":"75d61334-ff70-49c3-99ed-3af702cd51d7","zonename":"BLR1","networkofferingid":"564de11f-a786-44cf-a729-c4683a12dfe0","networkofferingname":"DefaultSharedNetworkOfferingWithSGService","networkofferingdisplaytext":"Offering
> for Shared Security group enabled
> networks","networkofferingconservemode":true,"networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"49146336-bf81-4861-a2bd-5c92efc14cff","broadcasturi":"vlan://500","dns1":"4.2.2.2","type":"Shared","vlan":"500","acltype":"Domain","subdomainaccess":true,"domainid":"e5e2ad7a-c019-11e3-907f-4adf980f9414","domain":"ROOT","service":[{"name":"UserData"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]},{"name":"Dhcp","capability":[{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}]},{"name":"SecurityGroup"}],"networkdomain":"cs1cloud.internal","physicalnetworkid":"3856a5bc-8509-4a7f-a92e-86146cbc6bc1","restartrequired":false,"specifyipranges":true,"canusefordeploy":true,"ispersistent":false,"tags":[],"displaynetwork":true,"strechedl2subnet":false},
>
> {"id":"aee03e51-468e-4311-aebc-827d9a43adf0","name":"test","displaytext":"test","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.1.1","netmask":"255.255.255.0","cidr":"10.1.1.0/24","zoneid":"75d61334-ff70-49c3-99ed-3af702cd51d7","zonename":"BLR1","networkofferingid":"987d8feb-73b5-4f01-9152-6680a31bc60a","networkofferingname":"DefaultIsolatedNetworkOfferingWithSourceNatService","networkofferingdisplaytext":"Offering
> for Isolated networks with Source Nat service
> ena
[jira] [Closed] (CLOUDSTACK-6501) IAM - DomainAdmin - When listVirtualMachines is used with listall=true and account and domainId , Vms owned by the account account is not listed.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6501. --- Tested with latest build from 4.4-forward (after IAM revert): As DomainAdmin , when listVirtualMachines is used with listall=true and account and domainId , we are able to list all the Vms owned by the account. Closing this issue. > IAM - DomainAdmin - When listVirtualMachines is used with listall=true and > account and domainId , Vms owned by the account account is not listed. > -- > > Key: CLOUDSTACK-6501 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6501 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Assignee: Min Chen >Priority: Critical > Fix For: 4.4.0 > > > IAM - DomainAdmin - When listVirtualMachines is used with listall=true and > account and domainId , Vms owned by the account is not listed. > Steps to reproduce the problem: > Set up: > Pre Reqs: > Admin - Creates object > Domain Admin for d1 - D1 - Creates object - d1 > Domain Admin for d1 - D1/D11 > User account for d1 - D1/D111 - Creates object - d111a > Domain Admin for d1 - D1/D12 > Domain Admin for d2 - D2 - Creates object -d2 > User Account in domain D1 - userD1-1 - Creates object -d1a > User Account in domain D1 - userD1-2 - Creates object - d1b > Domain Account in domain D1/D11 - D11 - Creates object - d11 > User Account in domain D1/D11 - userD1-a - Creates object - d11a > User Account in domain D1/D11 - userD1-a - Creates object - d11b > User Account in domain D1/D12- userD1-b - Creates object - d12a > User Account in domain D1/D12 - userD-a - Creates object - d12b > As domain admin account D1 , try to list all the Vms for d11 (domain admin > user) using account and domainId parameters. > Expected Result: > Vm owned by the account that is passed in account/domainId parameter. > Actual Result: > Empty set is returned. > GET > http://10.223.49.6/client/api?command=listVirtualMachines&domainId=0e8d9d60-c39a-4304-b048-1e63500d0d30&account=testD11&listAll=true&isrecursive=true&apiKey=bW1FEJkIERji0cWRNQqvmWOgOINjMeBggyoPsMjN9_Qnvq-QtC6L4ORqmbdfQ-XtUYQdSoJIniZrHK3_oi9pcQ&signature=5qLgaWzslWKSz%2FXbVSK0zdj%2B49I%3D > \n\n > current Time: Thu Apr 24 14:43:18 PDT 2014 > cloud-stack-version="4.4.0-SNAPSHOT">Connection > to 10.223.49.6 8080 port [tcp/webcache] succeeded! > Response Time(in secs) : 0 current Time: Thu Apr 24 14:43:18 PDT 2014 -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6512) IAM - Not able to list shared networks in the Vm deployment flow.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6512?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6512. --- Tested with latest build from 4.4-forward (after IAM revert): Have shared networks created with scope as domain and account. Using UI , Log in as a user who has access to both the account specific and domain specific shared network. Try to deploy a VM. Network list shown as part of VM deployment , has both the shared networks listed: Following is the API call made for listing networks: http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=WRY5kiZ461rcInw5KRwr59dPh8U%3D&zoneId=8374d5ac-e559-4a36-88cd-ddc32990659e&canusefordeploy=true&domainid=0c61d5a9-59bd-4f61-97ec-6078acd6e231&account=d11-san&_=1402609700920 Deploying Vms in these shared networks also succeed. Closing this issue. > IAM - Not able to list shared networks in the Vm deployment flow. > - > > Key: CLOUDSTACK-6512 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6512 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4. >Reporter: Sangeetha Hariharan >Assignee: Min Chen >Priority: Critical > Fix For: 4.4.0 > > > IAM - Not able to list shared networks in the Vm deployment flow. > Steps to reproduce the problem: > Create a shared network that is domain specific / account specific. > Log in as the account which should have access to this shared network. > Using UI , try to deploy a VM using this shared network. > shared network is not displayed in the list of networks. > This is the call made by UI: > http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=Enn1TgriYaANFQ%2BDKJR7T2Jc9l0%3D&zoneId=fdd0ce43-41b8-49ef-9e59-70ead27bda4c&canusefordeploy=true&domainid=a59a0ce2-b5aa-4460-ade8-91d26e048bc4&account=testD1&_=1398446574911 > > When Networks are listed using the network tab , then we see the shared > network being listed. > Following API call without the domainid and account paramater is able to > return the shared network. > http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=Enn1TgriYaANFQ%2BDKJR7T2Jc9l0%3D&listAll=true&page=1&pagesize=20&_=1398446422647 -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6517) IAM - Admin is allowed to create PortFowarding rule for a regular user, when admin does not have " UseEntry" permission for IpAddress.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6517. --- Testing with latest build from 4.4-forward (after IAM revert): Steps to reproduce the problem: As regular user , on a network he owns , acquire an ip address. As admin , try to create a PF rule on this ip address without passing account and domainId. http://10.223.49.6:8080/client/api?command=createPortForwardingRule&response=json&sessionkey=kFu73ky%2BPuW%2BBz9dkcSBIHyXwkM%3D&ipaddressid=0817bae5-c672-4ea7-a2cd-ce163d3a8727&privateport=22&privateendport=22&publicport=22&publicendport=22&protocol=tcp&virtualmachineid=308450de-d4be-4c91-9067-b3826e85e9b2&openfirewall=false&networkid=9fd8bcef-c140-4061-adc0-5c24c5f7dc69&_=1402609388398 This succeeds . This is the desired behavior. Closing this issue. > IAM - Admin is allowed to create PortFowarding rule for a regular user, when > admin does not have " UseEntry" permission for IpAddress. > --- > > Key: CLOUDSTACK-6517 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6517 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Assignee: Prachi Damle > Fix For: 4.4.0 > > > IAM - Admin is allowed to create PortFowarding rule for a regular user, when > admin does not have " UseEntry" permission for IpAddress. > Steps to reproduce the problem: > As regular user , on a network he owns , acquire an ip address. > As admin , try to create a PF rule on this ip address without passing > account and domainId. > Creating PF rule succeeds. > Since Admin has only "ListEntry" permission for IpAddress owned by other > users , we expect this api call to fail. > mysql> select * from iam_policy_permission where resource_type = 'IpAddress' > and policy_id=2; > +--+---+---+---+--+-+--++---+-+-+ > | id | policy_id | action| resource_type | scope_id | scope > | access_type | permission | recursive | removed | created | > +--+---+---+---+--+-+--++---+-+-+ > | 1840 | 2 | listPublicIpAddresses | IpAddress | -1 | ALL > | ListEntry| Allow | 0 | NULL| 2014-04-22 18:31:03 | > | 1841 | 2 | listPublicIpAddresses | IpAddress | -1 | > ACCOUNT | UseEntry | Allow | 0 | NULL| 2014-04-22 > 18:31:03 | > Admin should be allowed to do this only , when he passes account and domainId > of the regular user is passed. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6533) IAM - Templates - Public templates do not have permissions to be used by ROOT group.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6533. --- Tested with latest build from 4.4-forward (after IAM revert) ROOT admin is able to see and use templates(for VM deployment) that are owned by regular users and is marked as "Public". > IAM - Templates - Public templates do not have permissions to be used by ROOT > group. > > > Key: CLOUDSTACK-6533 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6533 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Assignee: Min Chen >Priority: Critical > Fix For: 4.4.0 > > > IAM - Templates - Public templates do not have permissions to be used by ROOT > group. > As regular user create a public template. > In iam_policy_permission policy we do not have permission for Admin group. > mysql> select * from iam_policy_permission where scope_id = 206; > +--+---+---++--+--+-++---+-+-+ > | id | policy_id | action| resource_type | scope_id | > scope| access_type | permission | recursive | removed | created > | > +--+---+---++--+--+-++---+-+-+ > | 4949 | 3 | listTemplates | VirtualMachineTemplate | 206 | > RESOURCE | UseEntry| Allow | 0 | NULL| 2014-04-29 > 11:03:52 | > | 4950 | 1 | listTemplates | VirtualMachineTemplate | 206 | > RESOURCE | UseEntry| Allow | 0 | NULL| 2014-04-29 > 11:03:52 | > mysql> select * from vm_template where id=206; > +-+--++--++--+--+-+--+-++-+-++--+-+-+---+-+--+-+-+-+-++--+--+-++--+-+--+ > | id | unique_name | name > | uuid | public | featured | type | hvm | > bits | url | format | created | > removed | account_id | checksum | display_text| > enable_password | enable_sshkey | guest_os_id | bootable | prepopulate | > cross_zones | extractable | hypervisor_type | source_template_id | > template_tag | sort_key | size| state | update_count | updated | > dynamically_scalable | > +-+--++--++--+--+-+--+-++-+-++--+-+-+---+-+--+-+-+-+-++--+--+-++--+-+--+ > | 206 | 206-318-179129bc-531f-31fe-a21d-23a8aa7b666f | > Public_featured_d2a-G3GJQW | 265192c9-88d3-41d4-b435-6d3c3e5d256a | 1 | > 1 | USER | 1 | 64 | http://10.223.110.232:/test.vhd | VHD| > 2014-04-29 11:03:52 | NULL|318 | NULL | public and feature > Template | 0 | 0 | 12 |1 | > 0 | 0 | 1 | Simulator | NULL | NULL > |0 | 5242880 | Active |0 | NULL| > 0 | > +-+--++--++--+--+-+--+-++-+-++--+-+-+---+-+--+-+-+-+-++--+--+-++--+-+--+ > 1 row in set (0.00 sec) > Inspite of not having the required permissions to use the template , admin is
[jira] [Closed] (CLOUDSTACK-6569) IAM - Regular user is able to listNetworks of another user in the same domain , by passing account and domainId.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-6569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan closed CLOUDSTACK-6569.
---
Tested with latest build from 4.4-forward (after IAM revert)
Regular user is not allowed to list network of other accounts in the same
domain:
2014-06-12 10:28:52,820 INFO [a.c.c.a.ApiServer] (catalina-exec-5:ctx-08e8e4b8
ctx-ec14d52d) (userId=7 accountId=7 sessionId=05A235CFC99FACA027D130666C218B1C)
10.216.50.29 -- GET
command=listNetworks&response=json&sessionkey=ZILTwOXY%2BZYac8MZdC%2BthwzVpHE%3D&listAll=true&page=1&pagesize=20&account=d1-san&domainid=a35f9e43-1707-4ea8-b776-e6e4e75b8fff
531 Acct[9489582f-092e-44a4-bc97-5ab7c0a3d30b-d1-san2] does not have
permission to operate with resource
Acct[f83f6755-7c50-4557-8cbc-5d0b9410f4fe-d1-san]
> IAM - Regular user is able to listNetworks of another user in the same domain
> , by passing account and domainId.
> -
>
> Key: CLOUDSTACK-6569
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6569
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: IAM
>Affects Versions: 4.4.0
> Environment: Build from 4.4
>Reporter: Sangeetha Hariharan
>Assignee: Min Chen
>Priority: Critical
> Fix For: 4.4.0
>
>
> Regular user is able to listNetworks of another user in the same domain , by
> passing account and domainId.
> Domain - d1.
> 3 users in this domain , testd1 - domainadmin , testd1a and testd1b regular
> users.
> Each of the users have 1 isolated network.
>
> As testd1a , tried to list network of testd1b by passing account and
> domainId. ListNetwork returns testd1b's isolated network.
> 2014-05-02 10:21:29,090 INFO [a.c.c.a.ApiServer]
> (catalina-exec-15:ctx-bbcf35b4 ctx-f1b42d4e) (userId=4 accountId=4
> sessionId=AE73B9C62BB908DE5DE16655DAD0CB75) 10.215.2.8 -- GET
> command=listNetworks&response=json&sessionkey=vHQRHlttApujok8Jf73KKKww5XM%3D&listAll=true&page=1&pagesize=20&domainid=3abd56e8-97da-40f9-b6f5-33fd5b28b43e&response=json&account=testD1B-TestNetworkList-KOGK49
> 200 { "listnetworksresponse" : { "count":4 ,"network" : [
> {"id":"53a9ddfa-ab63-4f87-bdd0-e368e7fd11ca","name":"testD1B-TestNetworkList-KOGK49-network","displaytext":"testD1B-TestNetworkList-KOGK49-network","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.1.1","netmask":"255.255.255.0","cidr":"10.1.1.0/24","zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"fc25eb7b-d884-4cc3-acbb-a321817a3567","networkofferingname":"DefaultIsolatedNetworkOfferingWithSourceNatService","networkofferingdisplaytext":"Offering
> for Isolated networks with Source Nat service
> enabled","networkofferingconservemode":true,"networkofferingavailability":"Required","issystem":false,"state":"Implemented","related":"53a9ddfa-ab63-4f87-bdd0-e368e7fd11ca","dns1":"4.2.2.2","type":"Isolated","acltype":"Account","account":"testD1B-TestNetworkList-KOGK49","domainid":"3abd56e8-97da-40f9-b6f5-33fd5b28b43e","domain":"D1-R549ZO","service":[{"name":"PortForwarding"},{"name":"UserData"},{"name":"Firewall","capability":[{"name":"MultipleIps","value":"true","canchooseservicecapability":false},{"name":"SupportedEgressProtocols","value":"tcp,udp,icmp,
>
> all","canchooseservicecapability":false},{"name":"SupportedProtocols","value":"tcp,udp,icmp","canchooseservicecapability":false},{"name":"SupportedTrafficDirection","value":"ingress,
>
> egress","canchooseservicecapability":false},{"name":"TrafficStatistics","value":"per
> public
> ip","canchooseservicecapability":false}]},{"name":"Lb","capability":[{"name":"AutoScaleCounters","value":"[{\"methodname\":\"cpu\",\"paramlist\":[]},{\"methodname\":\"memory\",\"paramlist\":[]}]","canchooseservicecapability":false},{"name":"SupportedLBIsolation","value":"dedicated","canchooseservicecapability":false},{"name":"SupportedLbAlgorithms","value":"roundrobin,leastconn,source","canchooseservicecapability":false},{"name":"LbSchemes","value":"Public","canchooseservicecapability":false},{"name":"SupportedProtocols","value":"tcp,
>
> udp","canchooseservicecapability":false},{"name":"SupportedStickinessMethods","value":"[{\"methodname\":\"LbCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
>
> \"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
>
> \"},{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"description\":\"
>
> \"},{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"description\":\"
>
> \"},{\"paramname\":\"postonly\",\"required\":false,\"isflag\"
[jira] [Closed] (CLOUDSTACK-6581) IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared network that is scoped for a specific domain/account.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-6581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan closed CLOUDSTACK-6581.
---
Tested with latest build form 4.4-forward ( after IAM revert) :
ROOT admin is not able to deploy Vms in shared networks with scope domain/
account (dedicated to a particular domain / account).
API throws the following error when ROOT admin tries to deploy a VM in an
account specific shared network.
{ "deployvirtualmachineresponse" :
{"uuidList":[],"errorcode":531,"cserrorcode":4365,"errortext":"Unable to use
network with id= 89215c78-1526-4d54-9021-8f49d6c991e3, permission denied"} }
API throws the following error when ROOT admin tries to deploy a VM in a domain
specific shared network.
{ "deployvirtualmachineresponse" :
{"uuidList":[],"errorcode":531,"cserrorcode":4365,"errortext":"Shared network
id=768a1a01-2caa-4d49-93db-ccba42619cb0 is not available in domain id=1"} }
> IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared
> network that is scoped for a specific domain/account.
> ---
>
> Key: CLOUDSTACK-6581
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6581
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: IAM
>Affects Versions: 4.4.0
> Environment: Build from 4.4
>Reporter: Sangeetha Hariharan
>Assignee: Prachi Damle
>Priority: Critical
> Fix For: 4.4.0
>
>
> IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared
> network that is scoped for a specific domain/account.
> Steps to reproduce the problem:
> Create a admin account for "ROOT" domain.
> Create a domain d1 with account a1.
> Create a shared network for domain d1 with sub domain access set to true.
> Create a shared network for domain d1 with sub domain access set to false.
> Create a shared network for account a1 d1 with sub domain access set to false.
> As ROOT admin , try to deploy a VM in the above created shared networks.
> Vm deployment succeeds.
> Expected Result:
> ROOT admin should not be allowed to deploy VMs in shared networks that are
> scoped for a specific domain/account.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6745) DomainAdmin is not able to deploy Vm for users in his domain/subdomain.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6745. --- Tested with latest build from 4.4-forward branch. DomainAdmin is able to deploy Vm for users in his domain/subdomain by passing their account name and domain Id in account and domainId parameter. > DomainAdmin is not able to deploy Vm for users in his domain/subdomain. > --- > > Key: CLOUDSTACK-6745 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6745 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Assignee: Min Chen >Priority: Critical > Fix For: 4.4.0 > > > DomainAdmin is not able to deploy Vm for users in his domain/subdomain. > Steps to reproduce the problem: > Create a domain d1. > Create a regular user - d1a > Deploy a VM as user d1a > Create a domain admin user - d1 > As d1 , try to deploy a VM for user - d1a in the isolated network he owns by > passing asccount and domainId of d1a. > API fails with the following exception: > "Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, > permission denied" > 2014-05-21 13:58:48,162 INFO [a.c.c.a.ApiServer] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) (userId=387 accountId=387 > sessionId=D51FD2C904EB65D7E1577D9ABAF5AACA) 10.215.2.8 -- GET > command=deployVirtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a > 531 Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, > permission denied > Management server logs: > 2014-05-21 13:58:48,140 DEBUG [c.c.a.ApiServlet] > (catalina-exec-17:ctx-8541fadf) ===START=== 10.215.2.8 -- GET > command=deployVirtualMachi > ne&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4 > adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&dis > playname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a > 2014-05-21 13:58:48,143 DEBUG [o.a.c.a.BaseCmd] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter displayvm as > the caller is > not authorized to pass it in > 2014-05-21 13:58:48,144 DEBUG [o.a.c.a.BaseCmd] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter > deploymentplanner as the ca > ller is not authorized to pass it in > 2014-05-21 13:58:48,153 DEBUG [c.c.u.AccountManagerImpl] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to > Acct[5afd4de2-2a81-4c40-b7e > 7-b5cb139551c1-test-dom1] granted to > Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker > 2014-05-21 13:58:48,156 DEBUG [c.c.u.AccountManagerImpl] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to > Acct[5afd4de2-2a81-4c40-b7e > 7-b5cb139551c1-test-dom1] granted to > Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker > 2014-05-21 13:58:48,161 INFO [c.c.a.ApiServer] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) PermissionDenied: Unable to use > network with i > d= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied on objs: [] > 2014-05-21 13:58:48,162 DEBUG [c.c.a.ApiServlet] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) ===END=== 10.215.2.8 -- GET > command=deployV > irtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a- > 11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce2 > 2c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Closed] (CLOUDSTACK-6742) listVolumes - As regularuser , able to list Vms and volumes of other users.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan closed CLOUDSTACK-6742. --- Tested with latest build from 4.4 (after IAM revert). As regular users, we are able to list only the vms and volumes that belong to this account. > listVolumes - As regularuser , able to list Vms and volumes of other users. > --- > > Key: CLOUDSTACK-6742 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6742 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Assignee: Min Chen >Priority: Critical > Fix For: 4.4.0 > > > listVolumes - As regularuser , able to list Vms of other users and as domain > admin , able to list Vms from other domains. > Steps to reproduce the problem: > Had a set up with 2 domains having few users accounts in each domain. > Deploy Vms as each of these users. > As any user , we are able to list Vms and volumes that belong to all other > users including ROOT admin and domain Admin users. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6891) [Automation] - port 8096 is being used when executing the suite when admin’s keys are not generated before execution of the suite.
Sangeetha Hariharan created CLOUDSTACK-6891: --- Summary: [Automation] - port 8096 is being used when executing the suite when admin’s keys are not generated before execution of the suite. Key: CLOUDSTACK-6891 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6891 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: marvin Affects Versions: 4.4.0 Environment: Marvin builds from 4.4-forward branch Reporter: Sangeetha Hariharan port 8096 is being used for the entire suite in the following scenario: api/secret key is not present for the admin user and as part of executing a test suite , we generate the secret and api key for admin user.This happens when the very first test suite is executed after the setup is created and admin’s keys are not generated yet. In __createApiClient method of cloudstackTestClient.py , mgmt_details.port is not set explicitly to “8080” , when there is a need to generate the keys. In such cases , we default to using port “8096” which is defined as part of the configuration file. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Comment Edited] (CLOUDSTACK-5446) KVM-Secondary Store down-Even after secondary store is brought back up after being down for few hours,snapshot jobs do not get triggered with reason "there is
[ https://issues.apache.org/jira/browse/CLOUDSTACK-5446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13862065#comment-13862065 ] Sangeetha Hariharan edited comment on CLOUDSTACK-5446 at 5/28/14 9:14 PM: -- Changing the severity of bug to "Major" since we are able to take snapshots once the secondary store is up. What needs to be still addressed is the clean up of snapshot that Errors out from primary store and secondary store. was (Author: sangeethah): Changing the severity of bug to "Major" since we are able to take snapshots once the secondary store is up. What needs to be still addressed is the clean up of snapshot from primary store. > KVM-Secondary Store down-Even after secondary store is brought back up after > being down for few hours,snapshot jobs do not get triggered with reason > "there is other active snapshot tasks on the instance to which the volume is > attached" > --- > > Key: CLOUDSTACK-5446 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5446 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.3.0 > Environment: Build from 4.3 >Reporter: Sangeetha Hariharan >Assignee: Min Chen > Fix For: 4.4.0 > > Attachments: agentdown.rar, ssdown.rar > > > KVM - Secondary Store down - Even after secondary store is brought back up > after being down for few hours , snapshot jobs do not get triggered with > reason "here is other active snapshot tasks on the instance to which the > volume is attached, please try again later" > Set up: > Advanced Zone set up with 2 KVM (RHEL 6.3) hosts. > Steps to reproduce the problem: > 1. Deploy 5 Vms in each of the hosts with 10 GB ROOT volume size , so we > start with 10 Vms. > 2. Start concurrent snapshots for ROOT volumes of all the Vms. > 3. Shutdown the Secondary storage server when the snapshots are in the > progress. > 4. Bring the Secondary storage server up after ~ 12 hours. > When the secondary storage was down: > The snapshot jobs that were in progress timed out after 6 hours. > Even after this , I do not see the hourly snapshots being scheduled due to > the following reason: > > 2013-12-10 13:07:49,285 WARN [c.c.s.s.SnapshotSchedulerImpl] > (SnapshotPollTask:ctx-cf0775f7) Scheduling snapshot failed due to > com.cloud.utils.exception.CloudRuntimeException: There is other active > snapshot tasks on the instance to which the volume is attached, please try > again later > Even after the secondary storage was brought up , there is no hourly > snapshots being scheduled due to the same reason - > "com.cloud.utils.exception.CloudRuntimeException: There is other active > snapshot tasks on the instance to which the volume is attached, please try > again later" > mysql> select * FROM snapshots; > ++++---+---+--+--+--+-+--+---+--+-+-+-++--++--+-+-+---+ > | id | data_center_id | account_id | domain_id | volume_id | disk_offering_id > | status | path | name| > uuid | snapshot_type | type_description | > size| created | removed | backup_snap_id | swift_id | > sechost_id | prev_snap_id | hypervisor_type | version | s3_id | > ++++---+---+--+--+--+-+--+---+--+-+-+-++--++--+-+-+---+ > | 1 | 1 | 6 | 1 |45 | 18 > | BackedUp | NULL | TestVM-tiny-host-0ps-0-0_ROOT-45_20131209234410 | > ee2c46b7-7623-439a-9a30-63eec1d95c56 | 3 | HOURLY | > 21474836480 | 2013-12-09 23:44:10 | NULL| NULL | NULL | > NULL | NULL | KVM | 2.2 | NULL | > | 2 | 1 | 6 | 1 |43 | 18 > | BackedUp | NULL | TestVM-1_ROOT-43_20131209234410 | > 62c01389-49df
[jira] [Commented] (CLOUDSTACK-6745) DomainAdmin is not able to deploy Vm for users in his domain/subdomain.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14005502#comment-14005502 ] Sangeetha Hariharan commented on CLOUDSTACK-6745: - This issue is also seen when Domain admin tries to deploy a VM for a regular user in his domain in a shared network with scope "Domain"/"Account". > DomainAdmin is not able to deploy Vm for users in his domain/subdomain. > --- > > Key: CLOUDSTACK-6745 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6745 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Priority: Critical > Fix For: 4.4.0 > > > DomainAdmin is not able to deploy Vm for users in his domain/subdomain. > Steps to reproduce the problem: > Create a domain d1. > Create a regular user - d1a > Deploy a VM as user d1a > Create a domain admin user - d1 > As d1 , try to deploy a VM for user - d1a in the isolated network he owns by > passing asccount and domainId of d1a. > API fails with the following exception: > "Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, > permission denied" > 2014-05-21 13:58:48,162 INFO [a.c.c.a.ApiServer] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) (userId=387 accountId=387 > sessionId=D51FD2C904EB65D7E1577D9ABAF5AACA) 10.215.2.8 -- GET > command=deployVirtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a > 531 Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, > permission denied > Management server logs: > 2014-05-21 13:58:48,140 DEBUG [c.c.a.ApiServlet] > (catalina-exec-17:ctx-8541fadf) ===START=== 10.215.2.8 -- GET > command=deployVirtualMachi > ne&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4 > adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&dis > playname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a > 2014-05-21 13:58:48,143 DEBUG [o.a.c.a.BaseCmd] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter displayvm as > the caller is > not authorized to pass it in > 2014-05-21 13:58:48,144 DEBUG [o.a.c.a.BaseCmd] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter > deploymentplanner as the ca > ller is not authorized to pass it in > 2014-05-21 13:58:48,153 DEBUG [c.c.u.AccountManagerImpl] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to > Acct[5afd4de2-2a81-4c40-b7e > 7-b5cb139551c1-test-dom1] granted to > Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker > 2014-05-21 13:58:48,156 DEBUG [c.c.u.AccountManagerImpl] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to > Acct[5afd4de2-2a81-4c40-b7e > 7-b5cb139551c1-test-dom1] granted to > Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker > 2014-05-21 13:58:48,161 INFO [c.c.a.ApiServer] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) PermissionDenied: Unable to use > network with i > d= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied on objs: [] > 2014-05-21 13:58:48,162 DEBUG [c.c.a.ApiServlet] > (catalina-exec-17:ctx-8541fadf ctx-4320442b) ===END=== 10.215.2.8 -- GET > command=deployV > irtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a- > 11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce2 > 2c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6745) DomainAdmin is not able to deploy Vm for users in his domain/subdomain.
Sangeetha Hariharan created CLOUDSTACK-6745: --- Summary: DomainAdmin is not able to deploy Vm for users in his domain/subdomain. Key: CLOUDSTACK-6745 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6745 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.4.0 Environment: Build from 4.4 Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.4.0 DomainAdmin is not able to deploy Vm for users in his domain/subdomain. Steps to reproduce the problem: Create a domain d1. Create a regular user - d1a Deploy a VM as user d1a Create a domain admin user - d1 As d1 , try to deploy a VM for user - d1a in the isolated network he owns by passing asccount and domainId of d1a. API fails with the following exception: "Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied" 2014-05-21 13:58:48,162 INFO [a.c.c.a.ApiServer] (catalina-exec-17:ctx-8541fadf ctx-4320442b) (userId=387 accountId=387 sessionId=D51FD2C904EB65D7E1577D9ABAF5AACA) 10.215.2.8 -- GET command=deployVirtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a 531 Unable to use network with id= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied Management server logs: 2014-05-21 13:58:48,140 DEBUG [c.c.a.ApiServlet] (catalina-exec-17:ctx-8541fadf) ===START=== 10.215.2.8 -- GET command=deployVirtualMachi ne&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a-11e3-ac31-4 adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce22c9ac24&dis playname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a 2014-05-21 13:58:48,143 DEBUG [o.a.c.a.BaseCmd] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter displayvm as the caller is not authorized to pass it in 2014-05-21 13:58:48,144 DEBUG [o.a.c.a.BaseCmd] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Ignoring paremeter deploymentplanner as the ca ller is not authorized to pass it in 2014-05-21 13:58:48,153 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to Acct[5afd4de2-2a81-4c40-b7e 7-b5cb139551c1-test-dom1] granted to Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker 2014-05-21 13:58:48,156 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-17:ctx-8541fadf ctx-4320442b) Access to Acct[5afd4de2-2a81-4c40-b7e 7-b5cb139551c1-test-dom1] granted to Acct[f1f9a82e-f931-4f59-bf93-ae83b6e773e6-dom1-admin] by DomainChecker 2014-05-21 13:58:48,161 INFO [c.c.a.ApiServer] (catalina-exec-17:ctx-8541fadf ctx-4320442b) PermissionDenied: Unable to use network with i d= b40ce153-83c6-41f3-905b-90ce22c9ac24, permission denied on objs: [] 2014-05-21 13:58:48,162 DEBUG [c.c.a.ApiServlet] (catalina-exec-17:ctx-8541fadf ctx-4320442b) ===END=== 10.215.2.8 -- GET command=deployV irtualMachine&response=json&sessionkey=nEX1TsH7YWMyu7cvElRHR73m8Lc%3D&zoneid=749f7a5f-7a47-4357-bc67-1704936b58ea&templateid=90869df6-e02a- 11e3-ac31-4adf980f9414&hypervisor=Simulator&serviceofferingid=da56f514-c13d-4c4d-902d-a9342f7e8dc3&networkids=b40ce153-83c6-41f3-905b-90ce2 2c9ac24&displayname=test123&name=test123&_=1400719259855&account=test-dom1&domainid=b83c7d69-6536-478c-a756-b3d89ac9298a -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (CLOUDSTACK-6742) listVolumes - As regularuser , able to list Vms and volumes of other users.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-6742: Description: listVolumes - As regularuser , able to list Vms of other users and as domain admin , able to list Vms from other domains. Steps to reproduce the problem: Had a set up with 2 domains having few users accounts in each domain. Deploy Vms as each of these users. As any user , we are able to list Vms and volumes that belong to all other users including ROOT admin and domain Admin users. was: listVolumes - As regularuser , able to list Vms of other users and as domain admin , able to list Vms from other domains. Steps to reproduce the problem: Had a set up with 2 domains having few users accounts in each domain. Deploy Vms as each of these users. As any user , we are able to list Vms that belong to all other users including ROOT admin and domain Admin users. > listVolumes - As regularuser , able to list Vms and volumes of other users. > --- > > Key: CLOUDSTACK-6742 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6742 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Priority: Critical > Fix For: 4.4.0 > > > listVolumes - As regularuser , able to list Vms of other users and as domain > admin , able to list Vms from other domains. > Steps to reproduce the problem: > Had a set up with 2 domains having few users accounts in each domain. > Deploy Vms as each of these users. > As any user , we are able to list Vms and volumes that belong to all other > users including ROOT admin and domain Admin users. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6742) listVolumes - As regularuser , able to list Vms and volumes of other users.
Sangeetha Hariharan created CLOUDSTACK-6742: --- Summary: listVolumes - As regularuser , able to list Vms and volumes of other users. Key: CLOUDSTACK-6742 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6742 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.4.0 Environment: Build from 4.4 Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.4.0 listVolumes - As regularuser , able to list Vms of other users and as domain admin , able to list Vms from other domains. Steps to reproduce the problem: Had a set up with 2 domains having few users accounts in each domain. Deploy Vms as each of these users. As any user , we are able to list Vms that belong to all other users including ROOT admin and domain Admin users. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (CLOUDSTACK-6584) IAM - Deletion of domain fails.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-6584: Attachment: logs.rar > IAM - Deletion of domain fails. > --- > > Key: CLOUDSTACK-6584 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6584 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Priority: Critical > Fix For: 4.4.0 > > Attachments: logs.rar > > > IAM - Deletion of domain fails. > Created the following set of domains: > ROOT > d1 > d1/d11 > d1/d11/d111 > d2 > Shared networks were created for domain d11 > Shared networks were created for an account under domain d111. > > Accounts are created under each of the domains. > Deploy Vms as these accounts using the shared networks. > I delete all the accounts which resulted in all the Vms being Expunged. > Now I tried to delete the domain - d1 (D1-PM76WG) which always fails with > force delete option. > Following exception seen in management server logs: > 61-ExposeInvocationInterceptor.invoke:91-ReflectiveMethodInvocation.proceed:172-JdkDynamicAopProxy.invoke:204-$Proxy47.remove:-1-DomainManagerImpl.cleanupDomain:443-DomainM > anagerImpl.deleteDomain:272-DomainManagerImpl.deleteDomain:257 > 2014-05-06 11:03:30,586 ERROR [c.c.u.DomainManagerImpl] > (API-Job-Executor-15:job-733 ctx-343d4b67) Exception deleting domain with id > 112 > com.cloud.utils.exception.CloudRuntimeException: Failed to clean up domain > resources and sub domains, delete failed on domain D1-PM76WG (id: 112). > at > com.cloud.user.DomainManagerImpl.deleteDomain(DomainManagerImpl.java:274) > at > com.cloud.user.DomainManagerImpl.deleteDomain(DomainManagerImpl.java:257) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) > at > org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:106) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) > at > com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) > at > org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) > at com.sun.proxy.$Proxy110.deleteDomain(Unknown Source) > at > org.apache.cloudstack.region.RegionManagerImpl.deleteDomain(RegionManagerImpl.java:242) > at > org.apache.cloudstack.region.RegionServiceImpl.deleteDomain(RegionServiceImpl.java:169) > at > org.apache.cloudstack.api.command.admin.domain.DeleteDomainCmd.execute(DeleteDomainCmd.java:103) > at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:119) > at > com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:108) > at > org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:495) > at > org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) > at > org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) > at > org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46) > at > org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.jav
[jira] [Created] (CLOUDSTACK-6584) IAM - Deletion of domain fails.
Sangeetha Hariharan created CLOUDSTACK-6584: --- Summary: IAM - Deletion of domain fails. Key: CLOUDSTACK-6584 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6584 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: IAM Affects Versions: 4.4.0 Environment: Build from 4.4 Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.4.0 IAM - Deletion of domain fails. Created the following set of domains: ROOT d1 d1/d11 d1/d11/d111 d2 Shared networks were created for domain d11 Shared networks were created for an account under domain d111. Accounts are created under each of the domains. Deploy Vms as these accounts using the shared networks. I delete all the accounts which resulted in all the Vms being Expunged. Now I tried to delete the domain - d1 (D1-PM76WG) which always fails with force delete option. Following exception seen in management server logs: 61-ExposeInvocationInterceptor.invoke:91-ReflectiveMethodInvocation.proceed:172-JdkDynamicAopProxy.invoke:204-$Proxy47.remove:-1-DomainManagerImpl.cleanupDomain:443-DomainM anagerImpl.deleteDomain:272-DomainManagerImpl.deleteDomain:257 2014-05-06 11:03:30,586 ERROR [c.c.u.DomainManagerImpl] (API-Job-Executor-15:job-733 ctx-343d4b67) Exception deleting domain with id 112 com.cloud.utils.exception.CloudRuntimeException: Failed to clean up domain resources and sub domains, delete failed on domain D1-PM76WG (id: 112). at com.cloud.user.DomainManagerImpl.deleteDomain(DomainManagerImpl.java:274) at com.cloud.user.DomainManagerImpl.deleteDomain(DomainManagerImpl.java:257) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:106) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) at com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.sun.proxy.$Proxy110.deleteDomain(Unknown Source) at org.apache.cloudstack.region.RegionManagerImpl.deleteDomain(RegionManagerImpl.java:242) at org.apache.cloudstack.region.RegionServiceImpl.deleteDomain(RegionServiceImpl.java:169) at org.apache.cloudstack.api.command.admin.domain.DeleteDomainCmd.execute(DeleteDomainCmd.java:103) at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:119) at com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:108) at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:495) at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103) at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53) at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46) at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:452) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.
[jira] [Created] (CLOUDSTACK-6581) IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared network that is scoped for a specific domain/account.
Sangeetha Hariharan created CLOUDSTACK-6581: --- Summary: IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared network that is scoped for a specific domain/account. Key: CLOUDSTACK-6581 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6581 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: IAM Affects Versions: 4.4.0 Environment: Build from 4.4 Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.4.0 IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared network that is scoped for a specific domain/account. Steps to reproduce the problem: Create a admin account for "ROOT" domain. Create a domain d1 with account a1. Create a shared network for domain d1 with sub domain access set to true. Create a shared network for domain d1 with sub domain access set to false. Create a shared network for account a1 d1 with sub domain access set to false. As ROOT admin , try to deploy a VM in the above created shared networks. Vm deployment succeeds. Expected Result: ROOT admin should not be allowed to deploy VMs in shared networks that are scoped for a specific domain/account. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6569) IAM - Regular user is able to listNetworks of another user in the same domain , by passing account and domainId.
Sangeetha Hariharan created CLOUDSTACK-6569:
---
Summary: IAM - Regular user is able to listNetworks of another
user in the same domain , by passing account and domainId.
Key: CLOUDSTACK-6569
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6569
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: IAM
Affects Versions: 4.4.0
Environment: Build from 4.4
Reporter: Sangeetha Hariharan
Priority: Critical
Fix For: 4.4.0
Regular user is able to listNetworks of another user in the same domain , by
passing account and domainId.
Domain - d1.
3 users in this domain , testd1 - domainadmin , testd1a and testd1b regular
users.
Each of the users have 1 isolated network.
As testd1a , tried to list network of testd1b by passing account and domainId.
ListNetwork returns testd1b's isolated network.
2014-05-02 10:21:29,090 INFO [a.c.c.a.ApiServer]
(catalina-exec-15:ctx-bbcf35b4 ctx-f1b42d4e) (userId=4 accountId=4
sessionId=AE73B9C62BB908DE5DE16655DAD0CB75) 10.215.2.8 -- GET
command=listNetworks&response=json&sessionkey=vHQRHlttApujok8Jf73KKKww5XM%3D&listAll=true&page=1&pagesize=20&domainid=3abd56e8-97da-40f9-b6f5-33fd5b28b43e&response=json&account=testD1B-TestNetworkList-KOGK49
200 { "listnetworksresponse" : { "count":4 ,"network" : [
{"id":"53a9ddfa-ab63-4f87-bdd0-e368e7fd11ca","name":"testD1B-TestNetworkList-KOGK49-network","displaytext":"testD1B-TestNetworkList-KOGK49-network","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.1.1","netmask":"255.255.255.0","cidr":"10.1.1.0/24","zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"fc25eb7b-d884-4cc3-acbb-a321817a3567","networkofferingname":"DefaultIsolatedNetworkOfferingWithSourceNatService","networkofferingdisplaytext":"Offering
for Isolated networks with Source Nat service
enabled","networkofferingconservemode":true,"networkofferingavailability":"Required","issystem":false,"state":"Implemented","related":"53a9ddfa-ab63-4f87-bdd0-e368e7fd11ca","dns1":"4.2.2.2","type":"Isolated","acltype":"Account","account":"testD1B-TestNetworkList-KOGK49","domainid":"3abd56e8-97da-40f9-b6f5-33fd5b28b43e","domain":"D1-R549ZO","service":[{"name":"PortForwarding"},{"name":"UserData"},{"name":"Firewall","capability":[{"name":"MultipleIps","value":"true","canchooseservicecapability":false},{"name":"SupportedEgressProtocols","value":"tcp,udp,icmp,
all","canchooseservicecapability":false},{"name":"SupportedProtocols","value":"tcp,udp,icmp","canchooseservicecapability":false},{"name":"SupportedTrafficDirection","value":"ingress,
egress","canchooseservicecapability":false},{"name":"TrafficStatistics","value":"per
public
ip","canchooseservicecapability":false}]},{"name":"Lb","capability":[{"name":"AutoScaleCounters","value":"[{\"methodname\":\"cpu\",\"paramlist\":[]},{\"methodname\":\"memory\",\"paramlist\":[]}]","canchooseservicecapability":false},{"name":"SupportedLBIsolation","value":"dedicated","canchooseservicecapability":false},{"name":"SupportedLbAlgorithms","value":"roundrobin,leastconn,source","canchooseservicecapability":false},{"name":"LbSchemes","value":"Public","canchooseservicecapability":false},{"name":"SupportedProtocols","value":"tcp,
udp","canchooseservicecapability":false},{"name":"SupportedStickinessMethods","value":"[{\"methodname\":\"LbCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"nocache\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"indirect\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"postonly\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"domain\",\"required\":false,\"isflag\":false,\"description\":\"
\"}],\"description\":\"This is loadbalancer cookie based stickiness
method.\"},{\"methodname\":\"AppCookie\",\"paramlist\":[{\"paramname\":\"cookie-name\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"length\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"holdtime\",\"required\":false,\"isflag\":false,\"description\":\"
\"},{\"paramname\":\"request-learn\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"prefix\",\"required\":false,\"isflag\":true,\"description\":\"
\"},{\"paramname\":\"mode\",\"required\":false,\"isflag\":false,\"description\":\"
\"}],\"description\":\"This is App session based sticky method. Define session
stickiness on an existing application cookie. It can be used only for a
specific http
traffic\"},{\"methodname\":\"SourceBased\",\"paramlist\":[{\"paramname
[jira] [Created] (CLOUDSTACK-6558) IAM - Admin user is able to deploy VM in a regular user's Security Group.
Sangeetha Hariharan created CLOUDSTACK-6558: --- Summary: IAM - Admin user is able to deploy VM in a regular user's Security Group. Key: CLOUDSTACK-6558 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6558 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: IAM Affects Versions: 4.4.0 Environment: Build from 4.4 Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.4.0 IAM - Admin user is able to deploy VM in a regular user's Security Group. Steps to reproduce the problem: Basic Zone set up: As regular user , create a Security group. As admin , try to deploy a VM using this security group. Admin is allowed to deploy a VM using this security group. Expected Result: Admin should not be allowed to deploy a VM using regular user's security group. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6533) IAM - Templates - Public templates do not have permissions to be used by ROOT group.
Sangeetha Hariharan created CLOUDSTACK-6533: --- Summary: IAM - Templates - Public templates do not have permissions to be used by ROOT group. Key: CLOUDSTACK-6533 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6533 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: IAM Affects Versions: 4.4.0 Environment: Build from 4.4 Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.4.0 IAM - Templates - Public templates do not have permissions to be used by ROOT group. As regular user create a public template. In iam_policy_permission policy we do not have permission for Admin group. mysql> select * from iam_policy_permission where scope_id = 206; +--+---+---++--+--+-++---+-+-+ | id | policy_id | action| resource_type | scope_id | scope | access_type | permission | recursive | removed | created | +--+---+---++--+--+-++---+-+-+ | 4949 | 3 | listTemplates | VirtualMachineTemplate | 206 | RESOURCE | UseEntry| Allow | 0 | NULL| 2014-04-29 11:03:52 | | 4950 | 1 | listTemplates | VirtualMachineTemplate | 206 | RESOURCE | UseEntry| Allow | 0 | NULL| 2014-04-29 11:03:52 | mysql> select * from vm_template where id=206; +-+--++--++--+--+-+--+-++-+-++--+-+-+---+-+--+-+-+-+-++--+--+-++--+-+--+ | id | unique_name | name | uuid | public | featured | type | hvm | bits | url | format | created | removed | account_id | checksum | display_text| enable_password | enable_sshkey | guest_os_id | bootable | prepopulate | cross_zones | extractable | hypervisor_type | source_template_id | template_tag | sort_key | size| state | update_count | updated | dynamically_scalable | +-+--++--++--+--+-+--+-++-+-++--+-+-+---+-+--+-+-+-+-++--+--+-++--+-+--+ | 206 | 206-318-179129bc-531f-31fe-a21d-23a8aa7b666f | Public_featured_d2a-G3GJQW | 265192c9-88d3-41d4-b435-6d3c3e5d256a | 1 | 1 | USER | 1 | 64 | http://10.223.110.232:/test.vhd | VHD| 2014-04-29 11:03:52 | NULL|318 | NULL | public and feature Template | 0 | 0 | 12 |1 | 0 | 0 | 1 | Simulator | NULL | NULL |0 | 5242880 | Active |0 | NULL| 0 | +-+--++--++--+--+-+--+-++-+-++--+-+-+---+-+--+-+-+-+-++--+--+-++--+-+--+ 1 row in set (0.00 sec) Inspite of not having the required permissions to use the template , admin is able to use this template for vm deployment. Root cause for this bug is similar to bug - Bug CLOUDSTACK-6517 The same behavior is also observed for default templates: mysql> select * from iam_policy_permission where scope_id = 111; +--+---+---++--+--+-++---+-+-+ | id | policy_id | action| resource_type | scope_id | scope | access_type | per
[jira] [Created] (CLOUDSTACK-6532) Affinity Groups - As admin user, not able to list all affinity groups available for regular users by passing account and domainId paramater.
Sangeetha Hariharan created CLOUDSTACK-6532:
---
Summary: Affinity Groups - As admin user, not able to list all
affinity groups available for regular users by passing account and domainId
paramater.
Key: CLOUDSTACK-6532
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6532
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: IAM
Affects Versions: 4.4.0
Environment: Build from 4.4
Reporter: Sangeetha Hariharan
Fix For: 4.4.0
Create an anti-affinity group as regular user.
As admin user, try to list all affinity groups available for regular users by
passing account and domainId parameter.
http://10.223.49.6:8080/client/api?command=listAffinityGroups&response=json&sessionkey=okCw58hoD%2BrUSZ9NO5LKHz6ie9U%3D&_=1398792364257&account=testD1A-TestVMList-U27DEV&domainId=71dcc0ac-c230-4e96-97ad-6e4f3ddc53cf
No affinity group is listed.
As regular user:
{ "listaffinitygroupsresponse" : { "count":1 ,"affinitygroup" : [
{"id":"bee9a7c5-3124-46b6-b258-893c8c9cc244","name":"test-123","description":"test-123","account":"testD1A-TestVMList-U27DEV","domainid":"71dcc0ac-c230-4e96-97ad-6e4f3ddc53cf","domain":"D1-19BDAN","type":"host
anti-affinity"} ] } }
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Updated] (CLOUDSTACK-6532) Affinity Groups - As admin user, not able to list all affinity groups available for regular users by passing account and domainId paramater.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-6532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan updated CLOUDSTACK-6532:
Priority: Critical (was: Major)
> Affinity Groups - As admin user, not able to list all affinity groups
> available for regular users by passing account and domainId paramater.
>
>
> Key: CLOUDSTACK-6532
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6532
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: IAM
>Affects Versions: 4.4.0
> Environment: Build from 4.4
>Reporter: Sangeetha Hariharan
>Priority: Critical
> Fix For: 4.4.0
>
>
> Create an anti-affinity group as regular user.
> As admin user, try to list all affinity groups available for regular users by
> passing account and domainId parameter.
> http://10.223.49.6:8080/client/api?command=listAffinityGroups&response=json&sessionkey=okCw58hoD%2BrUSZ9NO5LKHz6ie9U%3D&_=1398792364257&account=testD1A-TestVMList-U27DEV&domainId=71dcc0ac-c230-4e96-97ad-6e4f3ddc53cf
> No affinity group is listed.
> As regular user:
> { "listaffinitygroupsresponse" : { "count":1 ,"affinitygroup" : [
> {"id":"bee9a7c5-3124-46b6-b258-893c8c9cc244","name":"test-123","description":"test-123","account":"testD1A-TestVMList-U27DEV","domainid":"71dcc0ac-c230-4e96-97ad-6e4f3ddc53cf","domain":"D1-19BDAN","type":"host
> anti-affinity"} ] } }
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Created] (CLOUDSTACK-6517) IAM - Admin is allowed to create PortFowarding rule for a regular user, when admin does not have " UseEntry" permission for IpAddress.
Sangeetha Hariharan created CLOUDSTACK-6517: --- Summary: IAM - Admin is allowed to create PortFowarding rule for a regular user, when admin does not have " UseEntry" permission for IpAddress. Key: CLOUDSTACK-6517 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6517 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: IAM Affects Versions: 4.4.0 Environment: Build from 4.4 Reporter: Sangeetha Hariharan Fix For: 4.4.0 IAM - Admin is allowed to create PortFowarding rule for a regular user, when admin does not have " UseEntry" permission for IpAddress. Steps to reproduce the problem: As regular user , on a network he owns , acquire an ip address. As admin , try to create a PF rule on this ip address without passing account and domainId. Creating PF rule succeeds. Since Admin has only "ListEntry" permission for IpAddress owned by other users , we expect this api call to fail. mysql> select * from iam_policy_permission where resource_type = 'IpAddress' and policy_id=2; +--+---+---+---+--+-+--++---+-+-+ | id | policy_id | action| resource_type | scope_id | scope | access_type | permission | recursive | removed | created | +--+---+---+---+--+-+--++---+-+-+ | 1840 | 2 | listPublicIpAddresses | IpAddress | -1 | ALL | ListEntry| Allow | 0 | NULL| 2014-04-22 18:31:03 | | 1841 | 2 | listPublicIpAddresses | IpAddress | -1 | ACCOUNT | UseEntry | Allow | 0 | NULL| 2014-04-22 18:31:03 | Admin should be allowed to do this only , when he passes account and domainId of the regular user is passed. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (CLOUDSTACK-6513) IAM - Templates - When templates are listed with templatefilter="shared" is used , we see public templates also being included in the list.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-6513: Priority: Critical (was: Major) > IAM - Templates - When templates are listed with templatefilter="shared" is > used , we see public templates also being included in the list. > --- > > Key: CLOUDSTACK-6513 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6513 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan >Priority: Critical > Fix For: 4.4.0 > > > IAM - Templates - When templates are listed with templatefilter="shared" is > used , we see public templates also being included in the list. > Steps to reproduce the problem: > As user1 , Create a private template and a public template. > Grant access to the private template for user2 using > updateTemplatePermissions. > As user2 , list templates with templatefilter="shared". This returns both > public and the the shared template. > GET > http://10.223.49.6/client/api?command=listTemplates&pagesize=100&page=1&listAll=true&templatefilter=shared&apiKey=SrgUY-U-nUl4qsOyn409kCjA2jC7dR5ReIV9SjdnmzLOn3c0Fm-vZbDSpkldUjuqLAXt5ShodtXYOgRB5NCnJQ&signature=WBO8ll9nyjiB29aVq%2FpUsEQrthM%3D > \n\n > cloud-stack-version="4.4.0-SNAPSHOT">6a2065bcc-7139-46b0-ac15-db7d3ff7dd75Public_featured_d1a-TP7TPKpublic > and feature > Templatetrue2014-04-21T13:50:35-0400truefalseVHDtruefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS > 5.3 > (64-bit)testtemplateD1A75d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USERSimulatorD1691ab662-6793-42a0-96e6-3b31a2c4e52dtruefalsefalsece1635dc-1fcb-4f60-8d2f-d1129a3771cePublic_not_featured_d2a-NPYFSNpublic > and not feature > Templatetrue2014-04-21T13:50:36-0400truefalseVHDfalsefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS > 5.3 > (64-bit)testtemplateD275d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USERSimulatorD218222e53-7221-4d6f-9a76-8f59869f24b2truefalsefalse223e0c09-e18e-4188-9d8e-7ff2e2305547Private_featured_d1-E9PQHOprivate > and featured > Templatefalse2014-04-21T13:50:36-0400truefalseVHDtruefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS > 5.3 > (64-bit)testtemplateD1A75d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USERSimulatorD1691ab662-6793-42a0-96e6-3b31a2c4e52dtruefalsefalsea7b69a5e-4cb3-45fa-b3e7-dab3a6b73e45Public_not_featured_d1a-XOCR05public > and not feature > Templatetrue2014-04-21T13:50:35-0400truefalseVHDfalsefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS > 5.3 > (64-bit)testtemplateD1A75d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USERSimulatorD1691ab662-6793-42a0-96e6-3b31a2c4e52dtruefalsefalsee65cdfa0-c019-11e3-907f-4adf980f9414CentOS > 5.3(64-bit) no GUI (Simulator)CentOS 5.3(64-bit) no GUI > (Simulator)true2014-04-09T15:15:54-0400truefalseVHDtruetruee5eba5c4-c019-11e3-907f-4adf980f9414CentOS > 5.3 > (32-bit)system75d61334-ff70-49c3-99ed-3af702cd51d7BLR12147483648BUILTINSimulatorROOTe5e2ad7a-c019-11e3-907f-4adf980f9414falsefalsefalse23112683-9725-4edf-8f4f-89e41455b515Public_featured_d2a-RGVLAApublic > and feature > Templatetrue2014-04-21T13:50:36-0400truefalseVHDtruefalse id>e5ebce64-c019-11e3-907f-4adf980f9414CentOS 5.3 > (64-bit)testtemplateD2 ount>75d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USER< > /templatetype>SimulatorD218222e53-7221-4d6f-9a76-8f59869f24b2 d>truefalsefalse le>Connection to 10.223.49.6 8080 port > [tcp/webcache] succeeded! > Expected Behavior: > We expect only the shared templates to be listed in this case. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (CLOUDSTACK-6512) IAM - Not able to list shared networks in the Vm deployment flow.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6512?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-6512: Component/s: (was: Management Server) IAM > IAM - Not able to list shared networks in the Vm deployment flow. > - > > Key: CLOUDSTACK-6512 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6512 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4. >Reporter: Sangeetha Hariharan >Priority: Critical > Fix For: 4.4.0 > > > IAM - Not able to list shared networks in the Vm deployment flow. > Steps to reproduce the problem: > Create a shared network that is domain specific / account specific. > Log in as the account which should have access to this shared network. > Using UI , try to deploy a VM using this shared network. > shared network is not displayed in the list of networks. > This is the call made by UI: > http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=Enn1TgriYaANFQ%2BDKJR7T2Jc9l0%3D&zoneId=fdd0ce43-41b8-49ef-9e59-70ead27bda4c&canusefordeploy=true&domainid=a59a0ce2-b5aa-4460-ade8-91d26e048bc4&account=testD1&_=1398446574911 > > When Networks are listed using the network tab , then we see the shared > network being listed. > Following API call without the domainid and account paramater is able to > return the shared network. > http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=Enn1TgriYaANFQ%2BDKJR7T2Jc9l0%3D&listAll=true&page=1&pagesize=20&_=1398446422647 -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (CLOUDSTACK-6513) IAM - Templates - When templates are listed with templatefilter="shared" is used , we see public templates also being included in the list.
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sangeetha Hariharan updated CLOUDSTACK-6513: Component/s: IAM Description: IAM - Templates - When templates are listed with templatefilter="shared" is used , we see public templates also being included in the list. Steps to reproduce the problem: As user1 , Create a private template and a public template. Grant access to the private template for user2 using updateTemplatePermissions. As user2 , list templates with templatefilter="shared". This returns both public and the the shared template. GET http://10.223.49.6/client/api?command=listTemplates&pagesize=100&page=1&listAll=true&templatefilter=shared&apiKey=SrgUY-U-nUl4qsOyn409kCjA2jC7dR5ReIV9SjdnmzLOn3c0Fm-vZbDSpkldUjuqLAXt5ShodtXYOgRB5NCnJQ&signature=WBO8ll9nyjiB29aVq%2FpUsEQrthM%3D \n\n 6a2065bcc-7139-46b0-ac15-db7d3ff7dd75Public_featured_d1a-TP7TPKpublic and feature Templatetrue2014-04-21T13:50:35-0400truefalseVHDtruefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS 5.3 (64-bit)testtemplateD1A75d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USERSimulatorD1691ab662-6793-42a0-96e6-3b31a2c4e52dtruefalsefalsece1635dc-1fcb-4f60-8d2f-d1129a3771cePublic_not_featured_d2a-NPYFSNpublic and not feature Templatetrue2014-04-21T13:50:36-0400truefalseVHDfalsefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS 5.3 (64-bit)testtemplateD275d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USERSimulatorD218222e53-7221-4d6f-9a76-8f59869f24b2truefalsefalse223e0c09-e18e-4188-9d8e-7ff2e2305547Private_featured_d1-E9PQHOprivate and featured Templatefalse2014-04-21T13:50:36-0400truefalseVHDtruefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS 5.3 (64-bit)testtemplateD1A75d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USERSimulatorD1691ab662-6793-42a0-96e6-3b31a2c4e52dtruefalsefalsea7b69a5e-4cb3-45fa-b3e7-dab3a6b73e45Public_not_featured_d1a-XOCR05public and not feature Templatetrue2014-04-21T13:50:35-0400truefalseVHDfalsefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS 5.3 (64-bit)testtemplateD1A75d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USERSimulatorD1691ab662-6793-42a0-96e6-3b31a2c4e52dtruefalsefalsee65cdfa0-c019-11e3-907f-4adf980f9414CentOS 5.3(64-bit) no GUI (Simulator)CentOS 5.3(64-bit) no GUI (Simulator)true2014-04-09T15:15:54-0400truefalseVHDtruetruee5eba5c4-c019-11e3-907f-4adf980f9414CentOS 5.3 (32-bit)system75d61334-ff70-49c3-99ed-3af702cd51d7BLR12147483648BUILTINSimulatorROOTe5e2ad7a-c019-11e3-907f-4adf980f9414falsefalsefalse23112683-9725-4edf-8f4f-89e41455b515Public_featured_d2a-RGVLAApublic and feature Templatetrue2014-04-21T13:50:36-0400truefalseVHDtruefalsee5ebce64-c019-11e3-907f-4adf980f9414CentOS 5.3 (64-bit)testtemplateD275d61334-ff70-49c3-99ed-3af702cd51d7BLR15242880USER< /templatetype>SimulatorD218222e53-7221-4d6f-9a76-8f59869f24b2truefalsefalseConnection to 10.223.49.6 8080 port [tcp/webcache] succeeded! Expected Behavior: We expect only the shared templates to be listed in this case. Environment: Build from 4.4 Affects Version/s: 4.4.0 Fix Version/s: 4.4.0 Summary: IAM - Templates - When templates are listed with templatefilter="shared" is used , we see public templates also being included in the list. (was: IAM - Templates - When tenplatefilter="shared) > IAM - Templates - When templates are listed with templatefilter="shared" is > used , we see public templates also being included in the list. > --- > > Key: CLOUDSTACK-6513 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6513 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: IAM >Affects Versions: 4.4.0 > Environment: Build from 4.4 >Reporter: Sangeetha Hariharan > Fix For: 4.4.0 > > > IAM - Templates - When templates are listed with templatefilter="shared" is > used , we see public templates also being included in the list. > Steps to reproduce the problem: > As user1 , Create a private template and a public template. > Grant access to the private template for user2 using > updateTemplatePermissions. > As user2 , list templates with templatefilter="shared". This returns both > public and the the shared template. > GET > http://10.223.49.6/client/api?command=listTemplates&pagesize=100&page=1&listAll=true&templatefilter=shared&apiKey=SrgUY-U-nUl4qsOyn409kCjA2jC7dR5ReIV9SjdnmzLOn3c0Fm-vZbDSpkldUjuqLAXt5ShodtXYOgRB5NCnJQ&signature=WBO8ll9nyjiB29aVq%2FpUsEQrthM%3D > \n\n > cloud-stack-version="4.4.0-SNAPSHOT">6a2065bcc-7139-46b0-ac15-db7d3ff7dd75Public_featured_d1a-TP7TPKpublic > and feature > Templatetrue2014-04-21T13:
[jira] [Created] (CLOUDSTACK-6513) IAM - Templates - When tenplatefilter="shared
Sangeetha Hariharan created CLOUDSTACK-6513: --- Summary: IAM - Templates - When tenplatefilter="shared Key: CLOUDSTACK-6513 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6513 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Reporter: Sangeetha Hariharan -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6512) IAM - Not able to list shared networks in the Vm deployment flow.
Sangeetha Hariharan created CLOUDSTACK-6512: --- Summary: IAM - Not able to list shared networks in the Vm deployment flow. Key: CLOUDSTACK-6512 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6512 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.4.0 Environment: Build from 4.4. Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.4.0 IAM - Not able to list shared networks in the Vm deployment flow. Steps to reproduce the problem: Create a shared network that is domain specific / account specific. Log in as the account which should have access to this shared network. Using UI , try to deploy a VM using this shared network. shared network is not displayed in the list of networks. This is the call made by UI: http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=Enn1TgriYaANFQ%2BDKJR7T2Jc9l0%3D&zoneId=fdd0ce43-41b8-49ef-9e59-70ead27bda4c&canusefordeploy=true&domainid=a59a0ce2-b5aa-4460-ade8-91d26e048bc4&account=testD1&_=1398446574911 When Networks are listed using the network tab , then we see the shared network being listed. Following API call without the domainid and account paramater is able to return the shared network. http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=Enn1TgriYaANFQ%2BDKJR7T2Jc9l0%3D&listAll=true&page=1&pagesize=20&_=1398446422647 -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6501) IAM - DomainAdmin - When listVirtualMachines is used with listall=true and account and domainId , Vms owned by the account account is not listed.
Sangeetha Hariharan created CLOUDSTACK-6501: --- Summary: IAM - DomainAdmin - When listVirtualMachines is used with listall=true and account and domainId , Vms owned by the account account is not listed. Key: CLOUDSTACK-6501 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6501 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: IAM Affects Versions: 4.4.0 Environment: Build from 4.4 Reporter: Sangeetha Hariharan Priority: Critical Fix For: 4.4.0 IAM - DomainAdmin - When listVirtualMachines is used with listall=true and account and domainId , Vms owned by the account is not listed. Steps to reproduce the problem: Set up: Pre Reqs: Admin - Creates object Domain Admin for d1 - D1 - Creates object - d1 Domain Admin for d1 - D1/D11 User account for d1 - D1/D111 - Creates object - d111a Domain Admin for d1 - D1/D12 Domain Admin for d2 - D2 - Creates object -d2 User Account in domain D1 - userD1-1 - Creates object -d1a User Account in domain D1 - userD1-2 - Creates object - d1b Domain Account in domain D1/D11 - D11 - Creates object - d11 User Account in domain D1/D11 - userD1-a - Creates object - d11a User Account in domain D1/D11 - userD1-a - Creates object - d11b User Account in domain D1/D12- userD1-b - Creates object - d12a User Account in domain D1/D12 - userD-a - Creates object - d12b As domain admin account D1 , try to list all the Vms for d11 (domain admin user) using account and domainId parameters. Expected Result: Vm owned by the account that is passed in account/domainId parameter. Actual Result: Empty set is returned. GET http://10.223.49.6/client/api?command=listVirtualMachines&domainId=0e8d9d60-c39a-4304-b048-1e63500d0d30&account=testD11&listAll=true&isrecursive=true&apiKey=bW1FEJkIERji0cWRNQqvmWOgOINjMeBggyoPsMjN9_Qnvq-QtC6L4ORqmbdfQ-XtUYQdSoJIniZrHK3_oi9pcQ&signature=5qLgaWzslWKSz%2FXbVSK0zdj%2B49I%3D \n\n current Time: Thu Apr 24 14:43:18 PDT 2014 Connection to 10.223.49.6 8080 port [tcp/webcache] succeeded! Response Time(in secs) : 0 current Time: Thu Apr 24 14:43:18 PDT 2014 -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (CLOUDSTACK-6474) IAM - Not able to list shared networks that is created with scope="all"
Sangeetha Hariharan created CLOUDSTACK-6474:
---
Summary: IAM - Not able to list shared networks that is created
with scope="all"
Key: CLOUDSTACK-6474
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6474
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: IAM
Affects Versions: 4.4.0
Environment: Build from 4.4
Reporter: Sangeetha Hariharan
Priority: Critical
Fix For: 4.4.0
IAM - Not able to list shared networks that is created with scope="all"
Steps to reproduce the problem:
As admin , create a shared network with scope="all".
As regular user , tried to list networks. No shared network is returned.
http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=wOwS556QDduN5hRqHf1PU3gPBEw%3D&listAll=true&page=1&pagesize=20&_=1398206302627
"listnetworksresponse" : { } }
As admin user , I am able to list this network:
http://10.223.49.6:8080/client/api?command=listNetworks&response=json&sessionkey=58UVhAXG49kJHSOENDGphnXDEh4%3D&listAll=true&page=1&pagesize=20&_=1398206454900
{ "listnetworksresponse" : { "count":3 ,"network" : [
{"id":"65324d0a-5571-4e96-aebe-89d45fbabc72","name":"test-domain","displaytext":"test-domain","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.223.1.1","netmask":"255.255.255.0","cidr":"10.223.1.0/24","zoneid":"75d61334-ff70-49c3-99ed-3af702cd51d7","zonename":"BLR1","networkofferingid":"564de11f-a786-44cf-a729-c4683a12dfe0","networkofferingname":"DefaultSharedNetworkOfferingWithSGService","networkofferingdisplaytext":"Offering
for Shared Security group enabled
networks","networkofferingconservemode":true,"networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"65324d0a-5571-4e96-aebe-89d45fbabc72","broadcasturi":"vlan://501","dns1":"4.2.2.2","type":"Shared","vlan":"501","acltype":"Domain","subdomainaccess":false,"domainid":"691ab662-6793-42a0-96e6-3b31a2c4e52d","domain":"D1","service":[{"name":"UserData"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]},{"name":"Dhcp","capability":[{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}]},{"name":"SecurityGroup"}],"networkdomain":"cs1cloud.internal","physicalnetworkid":"3856a5bc-8509-4a7f-a92e-86146cbc6bc1","restartrequired":false,"specifyipranges":true,"canusefordeploy":true,"ispersistent":false,"tags":[],"displaynetwork":true,"strechedl2subnet":false},
{"id":"49146336-bf81-4861-a2bd-5c92efc14cff","name":"test","displaytext":"test","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.223.1.1","netmask":"255.255.255.0","cidr":"10.223.1.0/24","zoneid":"75d61334-ff70-49c3-99ed-3af702cd51d7","zonename":"BLR1","networkofferingid":"564de11f-a786-44cf-a729-c4683a12dfe0","networkofferingname":"DefaultSharedNetworkOfferingWithSGService","networkofferingdisplaytext":"Offering
for Shared Security group enabled
networks","networkofferingconservemode":true,"networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"49146336-bf81-4861-a2bd-5c92efc14cff","broadcasturi":"vlan://500","dns1":"4.2.2.2","type":"Shared","vlan":"500","acltype":"Domain","subdomainaccess":true,"domainid":"e5e2ad7a-c019-11e3-907f-4adf980f9414","domain":"ROOT","service":[{"name":"UserData"},{"name":"Dns","capability":[{"name":"AllowDnsSuffixModification","value":"true","canchooseservicecapability":false}]},{"name":"Dhcp","capability":[{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}]},{"name":"SecurityGroup"}],"networkdomain":"cs1cloud.internal","physicalnetworkid":"3856a5bc-8509-4a7f-a92e-86146cbc6bc1","restartrequired":false,"specifyipranges":true,"canusefordeploy":true,"ispersistent":false,"tags":[],"displaynetwork":true,"strechedl2subnet":false},
{"id":"aee03e51-468e-4311-aebc-827d9a43adf0","name":"test","displaytext":"test","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.1.1.1","netmask":"255.255.255.0","cidr":"10.1.1.0/24","zoneid":"75d61334-ff70-49c3-99ed-3af702cd51d7","zonename":"BLR1","networkofferingid":"987d8feb-73b5-4f01-9152-6680a31bc60a","networkofferingname":"DefaultIsolatedNetworkOfferingWithSourceNatService","networkofferingdisplaytext":"Offering
for Isolated networks with Source Nat service
enabled","networkofferingconservemode":true,"networkofferingavailability":"Required","issystem":false,"state":"Implemented","related":"aee03e51-468e-4311-aebc-827d9a43adf0","broadcasturi":"vlan://1","dns1":"4.2.2.2","type":"Isolated","vlan":"1","acltype":"Account","account":"admin","domainid":"e5e2ad7a-c019-11e3-907f-4adf980f9414","domain":"ROOT","service":[{"name":"SourceNat","capability":[{"name":"SupportedSourceNatTypes","value":"peraccount","
[jira] [Created] (CLOUDSTACK-6468) IAM - Templates - Admin user is not allowed to edit template and set isExtractable() paramater.
Sangeetha Hariharan created CLOUDSTACK-6468:
---
Summary: IAM - Templates - Admin user is not allowed to edit
template and set isExtractable() paramater.
Key: CLOUDSTACK-6468
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6468
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: IAM
Affects Versions: 4.4.0
Reporter: Sangeetha Hariharan
Fix For: 4.4.0
IAM - Templates - Admin user is not allowed to edit template and set
isExtractable() paramater.
>From UI , As admin , tried to update the isFeatured() flag to true for a
>template that was created by regular user.
This fails with "Only ROOT admins are allowed to modify this attribute."
http://10.223.49.6:8080/client/api?command=updateTemplatePermissions&response=json&sessionkey=1WTLpcX%2FCiA4QLBY3RZTTB0ceaE%3D&id=851cfe02-d91f-4226-b325-b48a09d2a2af&ispublic=false&isfeatured=true&isextractable=true&_=1398114267369
{ "updatetemplatepermissionsresponse" :
{"uuidList":[],"errorcode":431,"cserrorcode":4350,"errortext":"Only ROOT admins
are allowed to modify this attribute."} }
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Updated] (CLOUDSTACK-6350) IAM - Listing of VM using uuid when owner account of this Vm is deleted results is VM not being returned.But list VM with listAll=true is able to return this VM.
[
https://issues.apache.org/jira/browse/CLOUDSTACK-6350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sangeetha Hariharan updated CLOUDSTACK-6350:
Component/s: IAM
> IAM - Listing of VM using uuid when owner account of this Vm is deleted
> results is VM not being returned.But list VM with listAll=true is able to
> return this VM.
> -
>
> Key: CLOUDSTACK-6350
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6350
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: IAM
> Environment: Build from 4.4
>Reporter: Sangeetha Hariharan
>Assignee: Min Chen
>Priority: Critical
> Attachments: cloud-dmp.rar
>
>
> IAM - Listing of VM using uuid when owner account of this Vm is deleted
> results is VM not being returned.But list VM with listAll=true is able to
> return this VM.
> Steps that lead to the problem:
> Had few Domains and sub domains created.
> Accounts were created in these Domains and sub domains
> Had Vms deployed as these accounts.
> Tried to delete all the accounts (Except admin account).
> After this , tried to delete all Domains (Except ROOT).
> I see that all Accouts have been deleted.
> But some of the Vms remained in "Running" state.
> I am able to list all these Vms using listAll=true as admin :
> http://10.223.49.6:8080/client/api?command=listVirtualMachines&response=json&sessionkey=os3e6ZwGKaaRRkpMyoi1nl9ttsI%3D&listAll=true&page=1&pagesize=20&_=1396909849873
> { "listvirtualmachinesresponse" : { "count":7 ,"virtualmachine" : [
> {"id":"9a0a4d1b-7918-4d9a-86b0-a72b0a378c07","name":"d12b","displayname":"d12b","account":"testD12B-TestVMDeploy-2U21LA","domainid":"5314248a-0419-4e0f-9a63-b663abbbce5b","domain":"D12-G39UMB","created":"2014-04-07T09:55:28-0400","state":"Running","haenable":false,"zoneid":"24ea97ba-f26f-40d2-9bda-538abffb8181","zonename":"BLR1","hostid":"c404603f-8a1a-495f-9278-3c988ff9833b","hostname":"SimulatedAgent.2fda14b6-647e-492b-a6ab-7e809d56d41a","templateid":"62114ed8-b9df-11e3-a5ee-4adf980f9414","templatename":"CentOS
> 5.3(64-bit) no GUI (Simulator)","templatedisplaytext":"CentOS 5.3(64-bit) no
> GUI
> (Simulator)","passwordenabled":false,"serviceofferingid":"fa7bb82d-4f3b-43e6-ac8c-a87419cd78d9","serviceofferingname":"Small
>
> Instance","cpunumber":1,"cpuspeed":100,"memory":128,"cpuused":"10%","networkkbsread":2916352,"networkkbswrite":1458176,"guestosid":"292dc664-b9df-11e3-a5ee-4adf980f9414","rootdeviceid":0,"rootdevicetype":"ROOT","securitygroup":[],"nic":[{"id":"3d24baa0-13be-456d-b43d-f003dba13444","networkid":"22e12e93-84b5-4298-bec2-405f114ac19b","networkname":"testD12B-TestVMDeploy-2U21LA-network","netmask":"255.255.255.0","gateway":"10.1.1.1","ipaddress":"10.1.1.187","isolationuri":"vlan://2150","broadcasturi":"vlan://2150","traffictype":"Guest","type":"Isolated","isdefault":true,"macaddress":"02:00:50:44:00:01"}],"hypervisor":"Simulator","instancename":"i-156-263-VM","tags":[],"affinitygroup":[],"displayvm":true,"isdynamicallyscalable":false,"ostypeid":11},
>
> {"id":"5f620fd0-054f-484a-b3d0-5fa30861272e","name":"d12a","displayname":"d12a","account":"testD12A-TestVMDeploy-DLBXEJ","domainid":"5314248a-0419-4e0f-9a63-b663abbbce5b","domain":"D12-G39UMB","created":"2014-04-07T09:55:23-0400","state":"Running","haenable":false,"zoneid":"24ea97ba-f26f-40d2-9bda-538abffb8181","zonename":"BLR1","hostid":"8c5fe6d4-d5c4-4eb1-b286-9f498a8a9626","hostname":"SimulatedAgent.656f464b-f058-4416-afb8-ab5b12e59128","templateid":"62114ed8-b9df-11e3-a5ee-4adf980f9414","templatename":"CentOS
> 5.3(64-bit) no GUI (Simulator)","templatedisplaytext":"CentOS 5.3(64-bit) no
> GUI
> (Simulator)","passwordenabled":false,"serviceofferingid":"fa7bb82d-4f3b-43e6-ac8c-a87419cd78d9","serviceofferingname":"Small
>
> Instance","cpunumber":1,"cpuspeed":100,"memory":128,"cpuused":"10%","networkkbsread":2916352,"networkkbswrite":1458176,"guestosid":"292dc664-b9df-11e3-a5ee-4adf980f9414","rootdeviceid":0,"rootdevicetype":"ROOT","securitygroup":[],"nic":[{"id":"ab72b85e-ca4a-4fd1-bed4-265e232d3689","networkid":"bf0a3fca-1997-4345-8f94-1a680ff88db4","networkname":"testD12A-TestVMDeploy-DLBXEJ-network","netmask":"255.255.255.0","gateway":"10.1.1.1","ipaddress":"10.1.1.207","isolationuri":"vlan://1964","broadcasturi":"vlan://1964","traffictype":"Guest","type":"Isolated","isdefault":true,"macaddress":"02:00:00:b7:00:01"}],"hypervisor":"Simulator","instancename":"i-155-261-VM","tags":[],"affinitygroup":[],"displayvm":true,"isdynamicallyscalable":false,"ostypeid":11},
>
> {"id":"e532616f-9746-46af-b645-c5c094681e47","name":"d11b","displayname":"d11b
