ivan derbenev created CLOUDSTACK-6508:
-----------------------------------------
Summary: impossible to list projects from API with domainid set
Key: CLOUDSTACK-6508
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6508
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: API
Affects Versions: 4.2.1, 4.3.0
Reporter: ivan derbenev
Hello, it's my first issue ever, so sorry if i made smth wrong.
Today we was trying to setup jCloud module for jenkins, and stuck with error.
it throws GET request:
/client/api/?response=json&command=listProjects&listAll=true&account=jenkins&domainid=%domainid%&apiKey=%apikey%&signature=%sig%
and returns error:
Can't list domain id= 1 projects; unauthorized
i have only one ROOT domain, and this user belongs to this domain
if i go into cloudmonkey and call:
list projects listall=true account=jenkins domainid=%domainid%
it throws error too. If i don't use "domainid" attribute, query works properly
if i call any other api function with "domainid" attribute, query works properly
i looked into cloudstack sources and found this function:
https://github.com/apache/cloudstack/blob/master/server/src/com/cloud/api/query/QueryManagerImpl.java
listProjectsInternal function
line 1309
if (domainId != null && domainId.equals(caller.getDomainId())) {
throw new PermissionDeniedException("Can't list domain id= " +
domainId + " projects; unauthorized");
}
so if i understand it well it check whether i provide a domainid and if user
belongs to domain with this domainid it throws exception
I don't think this is how this API function should work.
Am i mistaken anywhere or this is really a bug?
--
This message was sent by Atlassian JIRA
(v6.2#6252)
