Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 4.5.2
- None
- Security Level: Public (Anyone can view this level - this is the default.)
- None
Description
1. Acquire new IP address
2. Create tags for the IP
3. Delete the tag from Step#2
An error occurs at Step#3 whereby the delete tag operation fails with "Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] does not have permission to operate within domain id\u003d632"
TROUBLESHOOTING
==================
Acquire new IP address
*********************
2014-11-19 15:08:15,870 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (catalina-exec-20:ctx-faed32b5 ctx-712308cb ctx-401bfcaf) submit async job-72419, details: AsyncJobVO {id:72419, userId: 17, accountId: 15, instanceType: IpAddress, instanceId: 672, cmd: org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd, cmdInfo: {"id":"672","response":"json","cmdEventType":"NET.IPASSIGN","ctxUserId":"17","zoneid":"a117e75f-d02e-4074-806d-889c61261394","httpmethod":"GET","ctxAccountId":"15","networkid":"0ca7c69e-c281-407b-a152-2559c10a81a6","ctxStartEventId":"166725","signature":"3NZRU6dIBxg1HMDiP/MkY2agRn4\u003d","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2014-11-19 15:08:15,870 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-68:ctx-fca9add6 job-72419) Executing AsyncJobVO {id:72419, userId: 17, accountId: 15, instanceType: IpAddress, instanceId: 672, cmd: org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd, cmdInfo: {"id":"672","response":"json","cmdEventType":"NET.IPASSIGN","ctxUserId":"17","zoneid":"a117e75f-d02e-4074-806d-889c61261394","httpmethod":"GET","ctxAccountId":"15","networkid":"0ca7c69e-c281-407b-a152-2559c10a81a6","ctxStartEventId":"166725","signature":"3NZRU6dIBxg1HMDiP/MkY2agRn4\u003d","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2014-11-19 15:08:15,890 DEBUG [c.c.u.AccountManagerImpl] (API-Job-Executor-68:ctx-fca9add6 job-72419 ctx-96bbdee5) Access to Ntwk[216|Guest|8] granted to Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] by DomainChecker
2014-11-19 15:08:15,911 DEBUG [c.c.n.IpAddressManagerImpl] (API-Job-Executor-68:ctx-fca9add6 job-72419 ctx-96bbdee5) Successfully associated ip address 210.140.170.160 to network Ntwk[216|Guest|8]
2014-11-19 15:08:15,922 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-68:ctx-fca9add6 job-72419 ctx-96bbdee5) Complete async job-72419, jobStatus: SUCCEEDED, resultCode: 0, result: org.apache.cloudstack.api.response.IPAddressResponse/ipaddress/{"id":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","ipaddress":"210.140.170.160","allocated":"2014-11-19T15:08:15+0900","zoneid":"a117e75f-d02e-4074-806d-889c61261394","zonename":"tesla","issourcenat":false,"account":"71000000017","domainid":"cc27e32c-6acd-4fdf-a1e5-734cef8a7fe0","domain":"71000000017","forvirtualnetwork":true,"isstaticnat":false,"issystem":false,"associatednetworkid":"0ca7c69e-c281-407b-a152-2559c10a81a6","associatednetworkname":"network1","networkid":"79132c74-fe77-4bd5-9915-ce7c577fb95f","state":"Allocating","physicalnetworkid":"4a00ce42-6a30-4494-afdd-3531d883237b","tags":[],"isportable":false}
2014-11-19 15:08:15,932 INFO [o.a.c.f.j.i.AsyncJobMonitor] (API-Job-Executor-68:ctx-fca9add6 job-72419) Remove job-72419 from job monitoring

+-------+-------------------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| id    | job_cmd                                                           | job_status | job_init_msid | job_complete_msid | created             | last_updated        |
+-------+-------------------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| 72419 | org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd |          1 |  345048681027 |      345048681027 | 2014-11-19 06:08:15 | 2014-11-19 06:08:15 |
+-------+-------------------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
1 row in set (0.00 sec)
Create Tag
***********
2014-11-19 15:08:16,376 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (catalina-exec-1:ctx-dee6efde ctx-ae7d665b ctx-34f0c207) submit async job-72421, details: AsyncJobVO {id:72421, userId: 17, accountId: 15, instanceType: None, instanceId: null, cmd: org.apache.cloudstack.api.command.user.tag.CreateTagsCmd, cmdInfo: {"response":"json","cmdEventType":"CREATE_TAGS","ctxUserId":"17","tags[0].value":"hyamashita001-test13","tags[0].key":"cloud-description","httpmethod":"GET","resourcetype":"PublicIPAddress","ctxAccountId":"15","ctxStartEventId":"166734","signature":"Wdx759HnH7eeh1YbfZbqyiPHqOI\u003d","resourceids":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2014-11-19 15:08:16,376 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-66:ctx-60c43fb5 job-72421) Executing AsyncJobVO {id:72421, userId: 17, accountId: 15, instanceType: None, instanceId: null, cmd: org.apache.cloudstack.api.command.user.tag.CreateTagsCmd, cmdInfo: {"response":"json","cmdEventType":"CREATE_TAGS","ctxUserId":"17","tags[0].value":"hyamashita001-test13","tags[0].key":"cloud-description","httpmethod":"GET","resourcetype":"PublicIPAddress","ctxAccountId":"15","ctxStartEventId":"166734","signature":"Wdx759HnH7eeh1YbfZbqyiPHqOI\u003d","resourceids":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2014-11-19 15:08:16,394 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-66:ctx-60c43fb5 job-72421 ctx-269323f2) Complete async job-72421, jobStatus: SUCCEEDED, resultCode: 0, result: org.apache.cloudstack.api.response.SuccessResponse/null/{"success":true}
2014-11-19 15:08:16,404 INFO [o.a.c.f.j.i.AsyncJobMonitor] (API-Job-Executor-66:ctx-60c43fb5 job-72421) Remove job-72421 from job monitoring

+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| id    | job_cmd                                                  | job_status | job_init_msid | job_complete_msid | created             | last_updated        |
+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| 72421 | org.apache.cloudstack.api.command.user.tag.CreateTagsCmd |          1 |  345048681027 |      345048681027 | 2014-11-19 06:08:16 | 2014-11-19 06:08:16 |
+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
As we can see, both the Acquire IP address process and the Create TAG process complete successfully.
Delete Tag
***********
2014-11-19 15:15:06,496 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (catalina-exec-18:ctx-f9096d31 ctx-c18e0cef ctx-a73fb445) submit async job-72484, details: AsyncJobVO {id:72484, userId: 17, accountId: 15, instanceType: None, instanceId: null, cmd: org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd, cmdInfo: {"response":"json","cmdEventType":"DELETE_TAGS","ctxUserId":"17","tags[0].key":"cloud-description","httpmethod":"GET","resourcetype":"PublicIPAddress","ctxAccountId":"15","ctxStartEventId":"166921","signature":"7aUyelqNUGlgp+4PVdfCzJ0P7xY\u003d","resourceids":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2014-11-19 15:15:06,496 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-104:ctx-a96a8572 job-72484) Executing AsyncJobVO {id:72484, userId: 17, accountId: 15, instanceType: None, instanceId: null, cmd: org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd, cmdInfo: {"response":"json","cmdEventType":"DELETE_TAGS","ctxUserId":"17","tags[0].key":"cloud-description","httpmethod":"GET","resourcetype":"PublicIPAddress","ctxAccountId":"15","ctxStartEventId":"166921","signature":"7aUyelqNUGlgp+4PVdfCzJ0P7xY\u003d","resourceids":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"}, cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
2014-11-19 15:15:06,502 DEBUG [c.c.u.AccountManagerImpl] (API-Job-Executor-104:ctx-a96a8572 job-72484 ctx-d9207bf9) Access to Acct[6b3b9128-2ef1-4866-8a60-33b284c749de-71000000726] granted to Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] by DomainChecker
2014-11-19 15:15:06,506 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-8:ctx-74989794 ctx-5decfcea ctx-111e7f31) Access to Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] granted to Acct[13ebed98-547c-4036-a4fd-f8c2e4e5dc5c-71000000017] by DomainChecker
2014-11-19 15:15:06,510 ERROR [c.c.a.ApiAsyncJobDispatcher] (API-Job-Executor-104:ctx-a96a8572 job-72484) Unexpected exception while executing org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd
com.cloud.exception.PermissionDeniedException: Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] does not have permission to operate within domain id=632
    at com.cloud.acl.DomainChecker.checkAccess(DomainChecker.java:77)
    at com.cloud.user.AccountManagerImpl.checkAccess(AccountManagerImpl.java:451)
    at sun.reflect.GeneratedMethodAccessor250.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at com.sun.proxy.$Proxy83.checkAccess(Unknown Source)
    at com.cloud.tags.TaggedResourceManagerImpl.deleteTags(TaggedResourceManagerImpl.java:375)
    at sun.reflect.GeneratedMethodAccessor546.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
    at com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:50)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at com.sun.proxy.$Proxy315.deleteTags(Unknown Source)
    at org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd.execute(DeleteTagsCmd.java:103)
    at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:161)
    at com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:97)
    at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:507)
    at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:50)
    at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
    at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
    at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
    at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:47)
    at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:464)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
2014-11-19 15:15:06,511 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-104:ctx-a96a8572 job-72484) Complete async job-72484, jobStatus: FAILED, resultCode: 530, result: org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":530,"errortext":"Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] does not have permission to operate within domain id\u003d632"}
2014-11-19 15:15:06,521 INFO [o.a.c.f.j.i.AsyncJobMonitor] (API-Job-Executor-104:ctx-a96a8572 job-72484) Remove job-72484 from job monitoring

+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| id    | job_cmd                                                  | job_status | job_init_msid | job_complete_msid | created             | last_updated        |
+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| 72484 | org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd |          2 |  345048681027 |      345048681027 | 2014-11-19 06:15:06 | 2014-11-19 06:15:06 |
| 72489 | org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd |          2 |  345048681027 |      345048681027 | 2014-11-19 06:15:45 | 2014-11-19 06:15:45 |
+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
2 rows in set (0.00 sec)
Account ID 15 has below credentials
+----+--------------+--------------------------------------+------+-----------+---------+
| id | account_name | uuid                                 | type | domain_id | state   |
+----+--------------+--------------------------------------+------+-----------+---------+
| 15 | 71000000017  | f4d0c381-e0b7-4aed-aa90-3336d42f7540 |    2 |        11 | enabled |
+----+--------------+--------------------------------------+------+-----------+---------+
1 row in set (0.00 sec)
Below is the DB record for domain id=632
+-----+-------------+--------------------------------------+--------+----------------+
| id  | name        | uuid                                 | state  | network_domain |
+-----+-------------+--------------------------------------+--------+----------------+
| 632 | 71000000726 | 0536af94-fce7-46d2-b98a-9e3fd0f304ae | Active | NULL           |
+-----+-------------+--------------------------------------+--------+----------------+
Even though the logs say that access to domain id=632 has been granted to account id=15 below:
2014-11-19 15:15:06,502 DEBUG [c.c.u.AccountManagerImpl] (API-Job-Executor-104:ctx-a96a8572 job-72484 ctx-d9207bf9) Access to Acct[6b3b9128-2ef1-4866-8a60-33b284c749de-71000000726] granted to Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] by DomainChecker
The operation fails with no permission.
com.cloud.exception.PermissionDeniedException: Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] does not have permission to operate within domain id=632
EXPECTED BEHAVIOR
==================
User should be able to delete the tags
ACTUAL BEHAVIOR
==================
User is unable to delete tags
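
A triage helper for the log excerpts above, as an added example that is not part of the original report or of CloudStack: it groups the DomainChecker decisions by async job id, so the object named in each grant can be set beside the object named in the denial. The sample lines are copied from the report; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: four log lines copied from this report (stack trace omitted).
SAMPLE_LOG = """\
2014-11-19 15:08:15,890 DEBUG [c.c.u.AccountManagerImpl] (API-Job-Executor-68:ctx-fca9add6 job-72419 ctx-96bbdee5) Access to Ntwk[216|Guest|8] granted to Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] by DomainChecker
2014-11-19 15:15:06,502 DEBUG [c.c.u.AccountManagerImpl] (API-Job-Executor-104:ctx-a96a8572 job-72484 ctx-d9207bf9) Access to Acct[6b3b9128-2ef1-4866-8a60-33b284c749de-71000000726] granted to Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] by DomainChecker
2014-11-19 15:15:06,506 DEBUG [c.c.u.AccountManagerImpl] (catalina-exec-8:ctx-74989794 ctx-5decfcea ctx-111e7f31) Access to Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] granted to Acct[13ebed98-547c-4036-a4fd-f8c2e4e5dc5c-71000000017] by DomainChecker
2014-11-19 15:15:06,510 ERROR [c.c.a.ApiAsyncJobDispatcher] (API-Job-Executor-104:ctx-a96a8572 job-72484) Unexpected exception while executing org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd com.cloud.exception.PermissionDeniedException: Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] does not have permission to operate within domain id=632
"""

JOB = re.compile(r"\bjob-(\d+)\b")
GRANT = re.compile(r"Access to (\w+\[[^\]]*\]) granted to (Acct\[[^\]]*\]) by (\w+)")
# The API response escapes "=" as \u003d, so accept both spellings.
DENY = re.compile(r"PermissionDeniedException: (Acct\[[^\]]*\]) does not have permission "
                  r"to operate within domain id(?:=|\\u003d)(\d+)")

def access_decisions(log_text):
    """Return {job_id: [(decision, caller, target), ...]} in log order."""
    decisions = defaultdict(list)
    for line in log_text.splitlines():
        job = JOB.search(line)
        if not job:
            continue  # e.g. catalina-exec threads: not tied to an async job
        job_id = int(job.group(1))
        for target, caller, _checker in GRANT.findall(line):
            decisions[job_id].append(("granted", caller, target))
        for caller, domain_id in DENY.findall(line):
            decisions[job_id].append(("denied", caller, f"domain id={domain_id}"))
    return dict(decisions)

def granted_then_denied(decisions):
    """Jobs whose log shows both a grant and a denial, with the targets of each."""
    hits = {}
    for job_id, events in decisions.items():
        granted = [target for kind, _caller, target in events if kind == "granted"]
        denied = [target for kind, _caller, target in events if kind == "denied"]
        if granted and denied:
            hits[job_id] = {"granted": granted, "denied": denied}
    return hits

if __name__ == "__main__":
    for job_id, info in granted_then_denied(access_decisions(SAMPLE_LOG)).items():
        print(f"job-{job_id}: granted {info['granted']} / denied {info['denied']}")
```

For job-72484 the output lists the grant on `Acct[6b3b9128-2ef1-4866-8a60-33b284c749de-71000000726]` next to the denial on `domain id=632`.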