[jira] [Updated] (CLOUDSTACK-6630) [Automation] Failed to create PF rule with error "does not have permission to access resource"

[Rayees Namathponnan (JIRA)]

     [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-6630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rayees Namathponnan updated CLOUDSTACK-6630:
--------------------------------------------

    Attachment: CLOUDSTACK-6630.rar

> [Automation] Failed to create PF rule with error "does not have permission to 
> access resource"
> ----------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6630
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6630
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: IAM
>    Affects Versions: 4.4.0
>            Reporter: Rayees Namathponnan
>            Priority: Blocker
>             Fix For: 4.4.0
>
>         Attachments: CLOUDSTACK-6630.rar
>
>
> Run  BVT suite volume.py
> test case creating account, deploying vm and configuring SNAT with PF rule,
> Result
> PF rule creation failed with below exception 
> 2014-05-10 23:58:48,482 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] 
> (catalina-exec-23:ctx-bc32f45f ctx-1c7a9889 ctx-d99c5930) IAM access c
> heck for 2-null-null-DomainCapability from cache: false
> 2014-05-10 23:58:48,493 DEBUG [c.c.a.ApiServlet] 
> (catalina-exec-23:ctx-bc32f45f ctx-1c7a9889 ctx-d99c5930) ===END===  
> 10.223.240.194 -- GET
>   
> signature=gD6OYRiz6Jd%2FZz7M7emIaancCr0%3D&apiKey=leb8qPblUzbfXRSpfWRZzvgKTo1pAd3Z9S7gkvok9BGpFEm1DsuPCjMeETvbMkjOEeoNX8wgMtK7K0S7ywd5cA&
> command=queryAsyncJobResult&response=json&jobid=3b680c4e-8508-4691-9d89-87dfeb400dec
> 2014-05-10 23:58:48,499 DEBUG [c.c.a.ApiServlet] 
> (catalina-exec-22:ctx-7e9bd8bb) ===START===  10.223.240.194 -- GET  
> apiKey=leb8qPblUzbfXRS
> pfWRZzvgKTo1pAd3Z9S7gkvok9BGpFEm1DsuPCjMeETvbMkjOEeoNX8wgMtK7K0S7ywd5cA&virtualmachineid=eabab3fc-5229-47fe-b4b5-ae1d47c119fc&ipaddressid=3
> a2642c3-4c04-47f3-a5a5-a5446673223d&signature=fIvJyw2UfV2Y9mTnxmx7eMick6w%3D&command=createPortForwardingRule&privateport=22&protocol=TCP&p
> ublicport=2222&response=json
> 2014-05-10 23:58:48,532 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentManager-Handler-3:null) SeqA 6-221: Processing Seq 6-221:  { Cmd , 
> MgmtId: -
> 1, via: 6, Ver: v1, Flags: 11, 
> [{"com.cloud.agent.api.ConsoleProxyLoadReportCommand":{"_proxyVmId":4,"_loadInfo":"{\n
>   \"connections\": []\
> n}","wait":0}}] }
> 2014-05-10 23:58:48,536 DEBUG [c.c.a.m.AgentManagerImpl] 
> (AgentManager-Handler-3:null) SeqA 6-221: Sending Seq 6-221:  { Ans: , 
> MgmtId: 290
> 66118877352, via: 6, Ver: v1, Flags: 100010, 
> [{"com.cloud.agent.api.AgentControlAnswer":{"result":true,"wait":0}}] }
> 2014-05-10 23:58:48,598 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) IAM access c
> heck for 2-null-null-SystemCapability from cache: true
> 2014-05-10 23:58:48,599 DEBUG [c.c.u.AccountManagerImpl] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) Root Access granted 
> to A
> cct[9b57332c-d8d1-11e3-a7c8-1a6f7bb0d0a8-admin] by 
> RoleBasedEntityAccessChecker
> 2014-05-10 23:58:48,601 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) IAM access c
> heck for 2-null-null-DomainCapability from cache: false
> 2014-05-10 23:58:48,606 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) IAM access c
> heck for 2-null-null-DomainResourceCapability from cache: false
> 2014-05-10 23:58:48,627 DEBUG [o.a.c.i.s.IAMServiceImpl] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) Put IAM access 
> check for
>  2-VirtualMachine8-OperateEntry-createPortForwardingRule in cache
> 2014-05-10 23:58:48,650 DEBUG [o.a.c.i.RoleBasedEntityAccessChecker] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) Account 
> Acct[9b57332c-d8d1-11e3-a7c8-1a6f7bb0d0a8-admin] does not have permission to 
> access resource Ip[10.223.122.71-1] for access type: OperateEntry
> 2014-05-10 23:58:48,650 DEBUG [o.a.c.i.s.IAMServiceImpl] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) Put IAM access 
> check for 2-IpAddress6-OperateEntry-createPortForwardingRule in cache
> 2014-05-10 23:58:48,651 INFO  [c.c.a.ApiServer] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) PermissionDenied: 
> Account Acct[9b57332c-d8d1-11e3-a7c8-1a6f7bb0d0a8-admin] does not have 
> permission to access resource Ip[10.223.122.71-1] for access type: 
> OperateEntry on objs: []
> 2014-05-10 23:58:48,654 DEBUG [c.c.a.ApiServlet] 
> (catalina-exec-22:ctx-7e9bd8bb ctx-34961f5e ctx-f2fd7c7d) ===END===  
> 10.223.240.194 -- GET  
> apiKey=leb8qPblUzbfXRSpfWRZzvgKTo1pAd3Z9S7gkvok9BGpFEm1DsuPCjMeETvbMkjOEeoNX8wgMtK7K0S7ywd5cA&virtualmachineid=eabab3fc-5229-47fe-b4b5-ae1d47c119fc&ipaddressid=3a2642c3-4c04-47f3-a5a5-a5446673223d&signature=fIvJyw2UfV2Y9mTnxmx7eMick6w%3D&command=createPortForwardingRule&privateport=22&protocol=TCP&publicport=2222&response=json
> 2014-05-10 23:58:48,809 DEBUG [c.c.a.ApiServlet] 
> (catalina-exec-16:ctx-75c2ca30) ===START===  10.223.240.194 -- GET  
> apiKey=leb8qPblUzbfXRSpfWRZzvgKTo1pAd3Z9S7gkvok9BGpFEm1DsuPCjMeETvbMkjOEeoNX8wgMtK7K0S7ywd5cA&command=listDomains&signature=vw1816eP4qADj2X%2FbYUVXDSnoXA%3D&response=json
>   



--
This message was sent by Atlassian JIRA
(v6.2#6252)