[jira] [Created] (CLOUDSTACK-8922) Unable to delete IP tag

[subhash yedugundla (JIRA)]

subhash yedugundla created CLOUDSTACK-8922:
----------------------------------------------

             Summary: Unable to delete IP tag
                 Key: CLOUDSTACK-8922
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8922
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.5.2
            Reporter: subhash yedugundla


1. Acquire new IP address 
2. Create tags for the IP 
3. Delete the tag from Step#2 

 an error occurs at Step#3 whereby the delete tag operation fails with 
"Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] does not have 
permission to operate within domain id\u003d632"

TROUBLESHOOTING
==================
Acquire new IP address
*********************
{noformat}
2014-11-19 15:08:15,870 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(catalina-exec-20:ctx-faed32b5 ctx-712308cb ctx-401bfcaf) submit async 
job-72419, details: AsyncJobVO {id:72419, userId: 17, accountId: 15, 
instanceType: IpAddress, instanceId: 672, cmd: 
org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd, cmdInfo: 
{"id":"672","response":"json","cmdEventType":"NET.IPASSIGN","ctxUserId":"17","zoneid":"a117e75f-d02e-4074-806d-889c61261394","httpmethod":"GET","ctxAccountId":"15","networkid":"0ca7c69e-c281-407b-a152-2559c10a81a6","ctxStartEventId":"166725","signature":"3NZRU6dIBxg1HMDiP/MkY2agRn4\u003d","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"},
 cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: 
null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, 
lastPolled: null, created: null}
2014-11-19 15:08:15,870 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(API-Job-Executor-68:ctx-fca9add6 job-72419) Executing AsyncJobVO {id:72419, 
userId: 17, accountId: 15, instanceType: IpAddress, instanceId: 672, cmd: 
org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd, cmdInfo: 
{"id":"672","response":"json","cmdEventType":"NET.IPASSIGN","ctxUserId":"17","zoneid":"a117e75f-d02e-4074-806d-889c61261394","httpmethod":"GET","ctxAccountId":"15","networkid":"0ca7c69e-c281-407b-a152-2559c10a81a6","ctxStartEventId":"166725","signature":"3NZRU6dIBxg1HMDiP/MkY2agRn4\u003d","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"},
 cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: 
null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, 
lastPolled: null, created: null}
2014-11-19 15:08:15,890 DEBUG [c.c.u.AccountManagerImpl] 
(API-Job-Executor-68:ctx-fca9add6 job-72419 ctx-96bbdee5) Access to 
Ntwk[216|Guest|8] granted to 
Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] by DomainChecker
2014-11-19 15:08:15,911 DEBUG [c.c.n.IpAddressManagerImpl] 
(API-Job-Executor-68:ctx-fca9add6 job-72419 ctx-96bbdee5) Successfully 
associated ip address 210.140.170.160 to network Ntwk[216|Guest|8]
2014-11-19 15:08:15,922 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(API-Job-Executor-68:ctx-fca9add6 job-72419 ctx-96bbdee5) Complete async 
job-72419, jobStatus: SUCCEEDED, resultCode: 0, result: 
org.apache.cloudstack.api.response.IPAddressResponse/ipaddress/{"id":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","ipaddress":"210.140.170.160","allocated":"2014-11-19T15:08:15+0900","zoneid":"a117e75f-d02e-4074-806d-889c61261394","zonename":"tesla","issourcenat":false,"account":"71000000017","domainid":"cc27e32c-6acd-4fdf-a1e5-734cef8a7fe0","domain":"71000000017","forvirtualnetwork":true,"isstaticnat":false,"issystem":false,"associatednetworkid":"0ca7c69e-c281-407b-a152-2559c10a81a6","associatednetworkname":"network1","networkid":"79132c74-fe77-4bd5-9915-ce7c577fb95f","state":"Allocating","physicalnetworkid":"4a00ce42-6a30-4494-afdd-3531d883237b","tags":[],"isportable":false}
2014-11-19 15:08:15,932 INFO  [o.a.c.f.j.i.AsyncJobMonitor] 
(API-Job-Executor-68:ctx-fca9add6 job-72419) Remove job-72419 from job 
monitoring

+-------+-------------------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| id    | job_cmd                                                           | 
job_status | job_init_msid | job_complete_msid | created             | 
last_updated        |
+-------+-------------------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| 72419 | org.apache.cloudstack.api.command.user.address.AssociateIPAddrCmd |   
       1 |  345048681027 |      345048681027 | 2014-11-19 06:08:15 | 2014-11-19 
06:08:15 |
+-------+-------------------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
1 row in set (0.00 sec)
{noformat}


Create Tag
***********
{noformat}
2014-11-19 15:08:16,376 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(catalina-exec-1:ctx-dee6efde ctx-ae7d665b ctx-34f0c207) submit async 
job-72421, details: AsyncJobVO {id:72421, userId: 17, accountId: 15, 
instanceType: None, instanceId: null, cmd: 
org.apache.cloudstack.api.command.user.tag.CreateTagsCmd, cmdInfo: 
{"response":"json","cmdEventType":"CREATE_TAGS","ctxUserId":"17","tags[0].value":"hyamashita001-test13","tags[0].key":"cloud-description","httpmethod":"GET","resourcetype":"PublicIPAddress","ctxAccountId":"15","ctxStartEventId":"166734","signature":"Wdx759HnH7eeh1YbfZbqyiPHqOI\u003d","resourceids":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"},
 cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: 
null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, 
lastPolled: null, created: null}
2014-11-19 15:08:16,376 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(API-Job-Executor-66:ctx-60c43fb5 job-72421) Executing AsyncJobVO {id:72421, 
userId: 17, accountId: 15, instanceType: None, instanceId: null, cmd: 
org.apache.cloudstack.api.command.user.tag.CreateTagsCmd, cmdInfo: 
{"response":"json","cmdEventType":"CREATE_TAGS","ctxUserId":"17","tags[0].value":"hyamashita001-test13","tags[0].key":"cloud-description","httpmethod":"GET","resourcetype":"PublicIPAddress","ctxAccountId":"15","ctxStartEventId":"166734","signature":"Wdx759HnH7eeh1YbfZbqyiPHqOI\u003d","resourceids":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"},
 cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: 
null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, 
lastPolled: null, created: null}
2014-11-19 15:08:16,394 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(API-Job-Executor-66:ctx-60c43fb5 job-72421 ctx-269323f2) Complete async 
job-72421, jobStatus: SUCCEEDED, resultCode: 0, result: 
org.apache.cloudstack.api.response.SuccessResponse/null/{"success":true}
2014-11-19 15:08:16,404 INFO  [o.a.c.f.j.i.AsyncJobMonitor] 
(API-Job-Executor-66:ctx-60c43fb5 job-72421) Remove job-72421 from job 
monitoring

+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| id    | job_cmd                                                  | job_status 
| job_init_msid | job_complete_msid | created             | last_updated        
|
+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| 72421 | org.apache.cloudstack.api.command.user.tag.CreateTagsCmd |          1 
|  345048681027 |      345048681027 | 2014-11-19 06:08:16 | 2014-11-19 06:08:16 
|
+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
{noformat}

As we can see both the Acquire IP address process and Create TAG process 
completes successfully.

Delete Tag
***********
{noformat}
2014-11-19 15:15:06,496 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(catalina-exec-18:ctx-f9096d31 ctx-c18e0cef ctx-a73fb445) submit async 
job-72484, details: AsyncJobVO {id:72484, userId: 17, accountId: 15, 
instanceType: None, instanceId: null, cmd: 
org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd, cmdInfo: 
{"response":"json","cmdEventType":"DELETE_TAGS","ctxUserId":"17","tags[0].key":"cloud-description","httpmethod":"GET","resourcetype":"PublicIPAddress","ctxAccountId":"15","ctxStartEventId":"166921","signature":"7aUyelqNUGlgp+4PVdfCzJ0P7xY\u003d","resourceids":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"},
 cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: 
null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, 
lastPolled: null, created: null}
2014-11-19 15:15:06,496 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(API-Job-Executor-104:ctx-a96a8572 job-72484) Executing AsyncJobVO {id:72484, 
userId: 17, accountId: 15, instanceType: None, instanceId: null, cmd: 
org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd, cmdInfo: 
{"response":"json","cmdEventType":"DELETE_TAGS","ctxUserId":"17","tags[0].key":"cloud-description","httpmethod":"GET","resourcetype":"PublicIPAddress","ctxAccountId":"15","ctxStartEventId":"166921","signature":"7aUyelqNUGlgp+4PVdfCzJ0P7xY\u003d","resourceids":"3d7c3a2a-1f2d-46dc-9905-4a7ce620e7e9","apikey":"tuwHXs1AfpQheJeJ9BcLdoVxIBCItASnguAbus76AMUcIXuyFgHOJiIB44fO57p_bBaqyfppmxrC-rQSb-nxXg"},
 cmdVersion: 0, status: IN_PROGRESS, processStatus: 0, resultCode: 0, result: 
null, initMsid: 345048681027, completeMsid: null, lastUpdated: null, 
lastPolled: null, created: null}
2014-11-19 15:15:06,502 DEBUG [c.c.u.AccountManagerImpl] 
(API-Job-Executor-104:ctx-a96a8572 job-72484 ctx-d9207bf9) Access to 
Acct[6b3b9128-2ef1-4866-8a60-33b284c749de-71000000726] granted to 
Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] by DomainChecker
2014-11-19 15:15:06,506 DEBUG [c.c.u.AccountManagerImpl] 
(catalina-exec-8:ctx-74989794 ctx-5decfcea ctx-111e7f31) Access to 
Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] granted to 
Acct[13ebed98-547c-4036-a4fd-f8c2e4e5dc5c-71000000017] by DomainChecker
2014-11-19 15:15:06,510 ERROR [c.c.a.ApiAsyncJobDispatcher] 
(API-Job-Executor-104:ctx-a96a8572 job-72484) Unexpected exception while 
executing org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd
com.cloud.exception.PermissionDeniedException: 
Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] does not have permission 
to operate within domain id=632
        at com.cloud.acl.DomainChecker.checkAccess(DomainChecker.java:77)
        at 
com.cloud.user.AccountManagerImpl.checkAccess(AccountManagerImpl.java:451)
        at sun.reflect.GeneratedMethodAccessor250.invoke(Unknown Source)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy83.checkAccess(Unknown Source)
        at 
com.cloud.tags.TaggedResourceManagerImpl.deleteTags(TaggedResourceManagerImpl.java:375)
        at sun.reflect.GeneratedMethodAccessor546.invoke(Unknown Source)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at 
com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:50)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
        at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy315.deleteTags(Unknown Source)
        at 
org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd.execute(DeleteTagsCmd.java:103)
        at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:161)
        at 
com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:97)
        at 
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:507)
        at 
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:50)
        at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
        at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
        at 
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
        at 
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:47)
        at 
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:464)
        at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
2014-11-19 15:15:06,511 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] 
(API-Job-Executor-104:ctx-a96a8572 job-72484) Complete async job-72484, 
jobStatus: FAILED, resultCode: 530, result: 
org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":530,"errortext":"Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017]
 does not have permission to operate within domain id\u003d632"}
2014-11-19 15:15:06,521 INFO  [o.a.c.f.j.i.AsyncJobMonitor] 
(API-Job-Executor-104:ctx-a96a8572 job-72484) Remove job-72484 from job 
monitoring

+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| id    | job_cmd                                                  | job_status 
| job_init_msid | job_complete_msid | created             | last_updated        
|
+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
| 72484 | org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd |          2 
|  345048681027 |      345048681027 | 2014-11-19 06:15:06 | 2014-11-19 06:15:06 
|
| 72489 | org.apache.cloudstack.api.command.user.tag.DeleteTagsCmd |          2 
|  345048681027 |      345048681027 | 2014-11-19 06:15:45 | 2014-11-19 06:15:45 
|
+-------+----------------------------------------------------------+------------+---------------+-------------------+---------------------+---------------------+
2 rows in set (0.00 sec)
{noformat}


Account ID 15 has below credentials 

{noformat}
+----+--------------+--------------------------------------+------+-----------+---------+
| id | account_name | uuid                                 | type | domain_id | 
state   |
+----+--------------+--------------------------------------+------+-----------+---------+
| 15 | 71000000017  | f4d0c381-e0b7-4aed-aa90-3336d42f7540 |    2 |        11 | 
enabled |
+----+--------------+--------------------------------------+------+-----------+---------+
1 row in set (0.00 sec)
{noformat}

Below is the DB record for domain id=632

{noformat}
+-----+-------------+--------------------------------------+--------+----------------+
| id  | name        | uuid                                 | state  | 
network_domain |
+-----+-------------+--------------------------------------+--------+----------------+
| 632 | 71000000726 | 0536af94-fce7-46d2-b98a-9e3fd0f304ae | Active | NULL      
     |
+-----+-------------+--------------------------------------+--------+----------------+
{noformat}

Even though the logs say that access to domain id=632 has been granted to 
account id=15 below;

{noformat}
2014-11-19 15:15:06,502 DEBUG [c.c.u.AccountManagerImpl] 
(API-Job-Executor-104:ctx-a96a8572 job-72484 ctx-d9207bf9) Access to 
Acct[6b3b9128-2ef1-4866-8a60-33b284c749de-71000000726] granted to 
Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] by DomainChecker
{noformat}

The operation fails with no permission.

{noformat}
com.cloud.exception.PermissionDeniedException: 
Acct[f4d0c381-e0b7-4aed-aa90-3336d42f7540-71000000017] does not have permission 
to operate within domain id=632
{noformat}

EXPECTED BEHAVIOR
==================
User should be able to delete the tags

ACTUAL BEHAVIOR
==================
User is unable to delete tags



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)