New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fecthing DefaultGeneralTimeZone and DefaultWindowsTimeZone config values by non admin user is not permitted #1488
Comments
It was discussed with mwperina and michalskrivanek and we agreed on changing the permission access for those two DefaultTimeZone vals to |
It would be better to solve the core issue here though and that is the fact users cannot set the timezone + they can change the operating system when provisioning from a template (and in case of Windows template I guess they usually do since the OS type is always defaults to 'Other OS') |
@ahadas
Regarding your suggested solution:
As mentioned above, users can change OS not only when provisioned from a template (for ISO and when editing a VM) and they can set the TZ for sysprep with all existed use cases.
Displaying and editing OS for an existing/new VMs were both supported for old VM portal >= 3.1 and therefore it's not recommended to remove this functionality. User portal 3.1 - Create a VM:
The same goes for cloud-init/sysprep functionality: #498
Setting all VM's TZ correct values on backend for all mentioned use cases above seems possible but will require a pretty big fix on all mentioned use cases for web-ui and based on OS set on web-ui as well. In addition, the functionality of setting Sysprep TZ will be dismissed (supported since oVirt 4.3.7 #1004). |
Changing the OS from Windows to non-Windows, or vice versa, should be handled at the backend side - but that's really not that important (why would someone change the VM's operating system type? it can happen but it's really not that likely)
OK, so if the TZ is available for sysprep in that case, there's no issue here, right?
In this case, it makes sense for the user to define the OS so I don't think we need to change it
This is the problematic part -
Yes, but let's concentrate on the most common case - changing the OS of existing VMs is not that likely, I'm OK with you setting an arbitrary TZ in that case
The VM portal is not that commonly used so I wouldn't avoid making a change since it was that way for a long time
So let's concentrate only on the provisioning from templates - that would likely solve most of the cases |
Also take into account that the VM portal works quite different than how the user portal used to work - |
That was a bug - it failed if didn't fit the OS. We need to set the TZ with same defaults as on backend. Since it's configured via config val then we can't just arbitrary chose it,
As I mentioned, this is auto set for the created VM as long as the user is not overridden it. I'm still not convinced why removing the OS for a specific use case is needed instead of a simple fix of changing the permission access for those two DefaultTimeZone vals. As an alternative we can consider changing the API on backend such that the web-ui will supply all relevant data including chosen OS, which might override the provisioned template one, and backend will decide which TZ to set in instead of doing that on web-ui side. Since the user can't choose the VM's TZ for both new/existed VM then it's possible to do. I don't think it worth the effort though. |
@ahadas let's decide on this issue. AFAICS There are 3 options for solving:
|
I don't see how the third option is feasible - semantically we can either specify a value for a field or omit the field and then it defaults to the corresponding value from the template. And anyway, I saw this as an opportunity to sort out virtual machine provisioning by the web-ui but if we can't achieve that (and as we approach the GA of oVirt 4.5 it becomes more likely we won't) then I would suggest not to put much efforts into this - do the simplest thing that seems reasonable, probably the first option, and hopefully users won't face similar issues with other fields in the future.. |
Implemented option no 1 - see https://gerrit.ovirt.org/c/ovirt-engine/+/118358 |
Change-Id: Ib5f64b5d8bec10cca4e679590fe4cecf500a05a7 Reference-Url: oVirt/ovirt-web-ui#1488 Signed-off-by: Radoslaw Szwajkowski <rszwajko@redhat.com>
Implemented on Gerrit, closing this issue as DONE. |
As part of fetching server config values after every login phase, the web-ui always tries to fetch the following config parameters for both admin and non admin users:
DefaultGeneralTimeZone
DefaultWindowsTimeZone
ovirt-web-ui/src/sagas/server-configs.js
Lines 32 to 33 in 7a92043
When the current user has no administrator role granted, this action always fails and backed return 404:
The error appears on backend server log as well:
The reason is that both config parameters are currently set to be exposed to admin users only:
https://github.com/oVirt/ovirt-engine/blob/36cc7b294ad0c1545bbbbefc0b172302d0767647/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java#L481-L485
Need to consider if to change permission on backend or to always use default hard-coded values on web-ui in case of non admin.
The text was updated successfully, but these errors were encountered: