venkata swamybabu budumuru created CLOUDSTACK-2134:
------------------------------------------------------
Summary: [Multiple IPs Per Nic] "addIpToVmNic" is failing when
tried as non-ROOT domain user
Key: CLOUDSTACK-2134
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2134
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Network Controller
Affects Versions: 4.2.0
Environment: commit 81e1ba3bb406f9546f0d46ccbfa3fbbb35b762e2
Reporter: venkata swamybabu budumuru
Assignee: Jayapal Reddy
Priority: Critical
Fix For: 4.2.0
Steps to reproduce :
1. Have a basic zone with 1 Xen Cluster
2. Create a domain under ROOT and a domain user
3. deploy a VM as the above created domain user
4. try to add secondary ip to VMs guest nic using API "addIpToVmNic"
Observations:
(i) It fails with the following error.
3-04-22 11:49:22,234 DEBUG [cloud.async.AsyncJobManagerImpl]
(Job-Executor-17:job-23) job
org.apache.cloudstack.api.command.user.vm.AddIpToVmNicCmd for job-23 was
queued, processing the queue.
2013-04-22 11:49:22,248 DEBUG [cloud.async.AsyncJobManagerImpl]
(Job-Executor-17:job-23) Executing sync queue item: SyncQueueItemVO {id:2,
queueId: 1, contentType: AsyncJob, contentId: 23, lastProcessMsid:
7280707764394, lastprocessNumber: 2, lastProcessTime: Mon Apr 22 11:49:22 EDT
2013, created: Mon Apr 22 11:49:22 EDT 2013}
2013-04-22 11:49:22,250 DEBUG [cloud.async.AsyncJobManagerImpl]
(Job-Executor-17:job-23) Schedule queued job-23
2013-04-22 11:49:22,257 DEBUG [cloud.async.SyncQueueManagerImpl]
(Job-Executor-17:job-23) There is a pending process in sync queue(id: 1)
2013-04-22 11:49:22,259 DEBUG [cloud.async.AsyncJobManagerImpl]
(Job-Executor-18:job-23) Executing
org.apache.cloudstack.api.command.user.vm.AddIpToVmNicCmd for job-23
2013-04-22 11:49:22,284 ERROR [cloud.async.AsyncJobManagerImpl]
(Job-Executor-18:job-23) Unexpected exception while executing
org.apache.cloudstack.api.command.user.vm.AddIpToVmNicCmd
com.cloud.exception.PermissionDeniedException: Acct[3-dom1Acc1] does not have
permission to operate with resource Ntwk[204|Guest|6]
at com.cloud.acl.DomainChecker.checkAccess(DomainChecker.java:132)
at
com.cloud.user.AccountManagerImpl.checkAccess(AccountManagerImpl.java:384)
at
com.cloud.network.NetworkServiceImpl.allocateSecondaryGuestIP(NetworkServiceImpl.java:508)
at
org.apache.cloudstack.api.command.user.vm.AddIpToVmNicCmd.execute(AddIpToVmNicCmd.java:157)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:164)
at
com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:679)
2013-04-22 11:49:22,285 DEBUG [cloud.async.AsyncJobManagerImpl]
(Job-Executor-18:job-23) Complete async job-23, jobStatus: 2, resultCode: 530,
result: Error Code: 530 Error text: Acct[3-dom1Acc1] does not have permission
to operate with resource Ntwk[204|Guest|6]
(ii) Same operation goes fine without any issues when executed as ROOT-Admin
User.
Attaching all the required logs to the bug
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
