Hi all. I'm trying to deploy virtual machines through api and management throws permission issues. This worked in 4.0/4.1, but now I see following:
curl " http://localhost:8096/client/?command=deployVirtualMachine&serviceofferingid=2b45be75-0ec8-4683-91a0-d95414da310d&zoneid=4a5bc8e5-bab9-4f92-9249-d57ef8a0f9f8&templateid=94013c8f-b615-467f-8df2-635ac4c5efb5&networkids=5928684b-f9fc-4c2f-a74b-d6af622250f3&account=vdc3880&domainid=2744e9b6-8633-4e8d-bb4d-860fe5e7e744 " <?xml version="1.0" encoding="UTF-8"?> <deployvirtualmachineresponse cloud-stack-version="4.2.0"><errorcode>531</errorcode> <cserrorcode>4365</cserrorcode> <errortext>Acct[ebcf2919-a842-4986-a8ed-a3806dfbd8f2-vdc3880] does not have permission to operate with resource Acct[9d9ef909-2469-11e3-9901-90e2ba51b336-admin]</errortext> </deployvirtualmachineresponse> Same thing upon assignVirtualMachine api call: curl " http://localhost:8096/client/?command=assignVirtualMachine&virtualmachineid=dbee3d10-0c8d-4d74-bcbd-21fb041fbfce&account=vdc3880&domainid=2744e9b6-8633-4e8d-bb4d-860fe5e7e744 " <?xml version="1.0" encoding="UTF-8"?><moveuservmresponse cloud-stack-version="4.2.0"><errorcode>530</errorcode><cserrorcode>9999</cserrorcode><errortext>Failed to move vm Acct[ebcf2919-a842-4986-a8ed-a3806dfbd8f2-vdc3880] does not have permission to operate with resource Acct[9d9ef909-2469-11e3-9901-90e2ba51b336-admin]</errortext></moveuservmresponse> environment used: CS 4.2.0, centos 6.4, KVM P.S. It seems error message is being generated at ./server/src/com/cloud/acl/DomainChecker.java: 145 if (caller.getId() != entity.getAccountId()) { 146 throw new PermissionDeniedException(caller + "entry3 does not have permission to operate with resource " + entity); 147 } But I can not understand why callerid goes from vdc3880 account - I'm calling API as admin (tested both through cloudmonkey and directly on 8096 port) ? Any thoughts ? -- Regards, Valery http://protocol.by/slayer
