[jira] [Resolved] (CLOUDSTACK-1688) AWS Regions - Domain admin user is not able to use getUser() command to fetch user details.

Thu, 14 Mar 2013 23:08:17 -0700 

     [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-1688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kishan Kavala resolved CLOUDSTACK-1688.
---------------------------------------

    Resolution: Not A Problem

getUser API is for ROOT admin only by design . This API is for integration like 
S3. 
                
> AWS Regions - Domain admin user is not able to use getUser() command to fetch 
> user details.
> -------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1688
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1688
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server
>    Affects Versions: 4.1.0
>         Environment: Build from 4.1
>            Reporter: Sangeetha Hariharan
>            Assignee: Kishan Kavala
>             Fix For: 4.1.0
>
>
> AWS Regions - Domain admin user is not able to use getUser() command to fetch 
> user details.
> As domain admin user , try to execute getUser() API call for a regular user 
> who belongs to this domain. 
> Api returnd error:
> http://10.223.131.202:8080/client/api?command=getUser&response=json&sessionkey=Y3XVal5FZOFZobsJggzkMet5rT0%3D&userapikey=2Ffgfp460CozE0yojXXQd3gbLozpWqjz9C_Kr3A-Vnu5bZaeUUGGLOp7tL9rsBIA6NLNaKSp63zvl31e7Q_aQ
> { "errorresponse" : {"errorcode":432,"cserrorcode":9999,"errortext":"The 
> given command does not exist or it is not available for user"} }
> management-server.logs
> 2013-03-14 17:16:56,812 DEBUG [cloud.api.ApiServlet] (catalina-exec-24:null) 
> ===START===  10.217.252.128 -- GET  
> command=getUser&response=json&sessionkey=Y3XVal5FZOFZobsJggz
> kMet5rT0%3D&userapikey=2Ffgfp460CozE0yojXXQd3gbLozpWqjz9C_Kr3A-Vnu5bZaeUUGGLOp7tL9rsBIA6NLNaKSp63zvl31e7Q_aQ
> 2013-03-14 17:16:56,815 DEBUG [cloud.api.ApiServer] (catalina-exec-24:null) 
> The given command:getUser does not exist or it is not available for user with 
> id:22
> 2013-03-14 17:16:56,815 DEBUG [cloud.api.ApiServlet] (catalina-exec-24:null) 
> ===END===  10.217.252.128 -- GET  
> command=getUser&response=json&sessionkey=Y3XVal5FZOFZobsJggzkM
> et5rT0%3D&userapikey=2Ffgfp460CozE0yojXXQd3gbLozpWqjz9C_Kr3A-Vnu5bZaeUUGGLOp7tL9rsBIA6NLNaKSp63zvl31e7Q_aQ
> mysql> select * from user where id=22;
> +----+--------------------------------------+------------+----------------------------------+------------+------------+------------+--------------------+---------+---------+------------+---------------------+---------+---------------------+--------------------+---------------+--------------------------+-----------+
> | id | uuid                                 | username   | password           
>               | account_id | firstname  | lastname   | email              | 
> state   | api_key | secret_key | created             | removed | timezone     
>        | registration_token | is_registered | incorrect_login_attempts | 
> region_id |
> +----+--------------------------------------+------------+----------------------------------+------------+------------+------------+--------------------+---------+---------+------------+---------------------+---------+---------------------+--------------------+---------------+--------------------------+-----------+
> | 22 | 73ea9221-6d3a-4fca-af57-9030c2f99865 | dom-admin1 | 
> 9cab41a7d2013e5b00c774de073fbe13 |         13 | dom-admin1 | dom-admin1 | 
> dom-adm...@abc.com | enabled | NULL    | NULL       | 2013-03-15 00:05:00 | 
> NULL    | America/Los_Angeles | NULL               |             0 |          
>               0 |         1 |
> +----+--------------------------------------+------------+----------------------------------+------------+------------+------------+--------------------+---------+---------+------------+---------------------+---------+---------------------+--------------------+---------------+--------------------------+-----------+
> 1 row in set (0.00 sec)
> mysql> select * from account where id=13;
> +----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
> | id | account_name | uuid                                 | type | domain_id 
> | state   | removed | cleanup_needed | network_domain | default_zone_id | 
> region_id |
> +----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
> | 13 | dom-admin1   | ea65cc60-fc1a-4873-a379-1946ea31b4b9 |    2 |         2 
> | enabled | NULL    |              0 | NULL           |            NULL |     
>     1 |
> +----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
> 1 row in set (0.00 sec)
> Expected Behavior:
> As domain user , i am allowed to view all the user details of regular users 
> under this doamin. This would mean I should be able to use getUser() command 
> to fetch user details as well.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to