Valery Ciareszka created CLOUDSTACK-4838:
--------------------------------------------
Summary: proper messaging of checkAccess exceptions
Key: CLOUDSTACK-4838
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4838
Project: CloudStack
Issue Type: Improvement
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Affects Versions: 4.2.0
Environment: KVM(CentOS 6.4)
Reporter: Valery Ciareszka
Priority: Minor
If you try to deploy virtualmachine via root domain API from non-public
template and specify non-privileged user as its owner, it will fail.
I.e. curl
"http://localhost:8096/client/?command=deployVirtualMachine&serviceofferingid=2b45be75-0ec8-4683-91a0-d95414da310d&zoneid=4a5bc8e5-bab9-4f92-9249-d57ef8a0f9f8&templateid=94013c8f-b615-467f-8df2-635ac4c5efb5&networkids=5928684b-f9fc-4c2f-a74b-d6af622250f3&account=vdc3880&domainid=2744e9b6-8633-4e8d-bb4d-860fe5e7e744";
Response is:
<?xml version="1.0" encoding="UTF-8"?>
<deployvirtualmachineresponse
cloud-stack-version="4.2.0"><errorcode>531</errorcode>
<cserrorcode>4365</cserrorcode>
<errortext>Acct[ebcf2919-a842-4986-a8ed-a3806dfbd8f2-vdc3880] does not have
permission to operate with resource
Acct[9d9ef909-2469-11e3-9901-90e2ba51b336-admin]</errortext>
</deployvirtualmachineresponse>
It is unclean, what was the reason of PermissionDeniedException. After
modifying source code and adding more debug messages I figured out that this
was caused because template was non-public, but it is non obvious.
It would be great if such exceptions could provide more information about their
actual reasons.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
