Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-5400

ChildContainers don't have correct RBAC configuration.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • jboss-fuse-6.3
    • jboss-fuse-6.3
    • Fabric8 v1, Karaf
    • None
    • % %
    • Hide

      1. add user test=test,Administrator
      2. start with bin/start and connect with bin/client -u test
      3. fabric:create, container-create-child root test
      4. container-edit-jvm-options -f test

      Show
      1. add user test=test,Administrator 2. start with bin/start and connect with bin/client -u test 3. fabric:create, container-create-child root test 4. container-edit-jvm-options -f test
    • Sprint 5 - towards ER2

    Description

      User with the only role "Administrator" can't access container jvm opts using container-edit-jvm-options -f , because it fails with:

      2016-04-27 10:44:26,750 | ERROR | Thread-51        | ContainerEditJvmOptionsAction    | 38 - org.apache.karaf.shell.console - 2.4.0.redhat-630045 | Unable to fetch child jvm opts
java.lang.SecurityException: Insufficient roles/credentials for operation
	at org.apache.karaf.management.KarafMBeanServerGuard.handleInvoke(KarafMBeanServerGuard.java:350)
	at org.apache.karaf.management.KarafMBeanServerGuard.handleGetAttribute(KarafMBeanServerGuard.java:270)
	at org.apache.karaf.management.KarafMBeanServerGuard.invoke(KarafMBeanServerGuard.java:88)
	at org.apache.karaf.management.internal.MBeanInvocationHandler.invoke(MBeanInvocationHandler.java:43)
	at com.sun.proxy.$Proxy2.getAttribute(Unknown Source)
	at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1445)
	at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76)
	at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1309)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1408)
	at javax.management.remote.rmi.RMIConnectionImpl.getAttribute(RMIConnectionImpl.java:639)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:323)
	at sun.rmi.transport.Transport$1.run(Transport.java:200)
	at sun.rmi.transport.Transport$1.run(Transport.java:197)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
	at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
	at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:276)
	at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:253)
	at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:162)
	at com.sun.jmx.remote.internal.PRef.invoke(Unknown Source)
	at javax.management.remote.rmi.RMIConnectionImpl_Stub.getAttribute(Unknown Source)
	at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.getAttribute(RMIConnector.java:903)
	at io.fabric8.commands.ContainerEditJvmOptionsAction.doExecute(ContainerEditJvmOptionsAction.java:118)
	at org.apache.karaf.shell.console.AbstractAction.execute(AbstractAction.java:33)
	at org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:54)
	at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
	at io.fabric8.commands.$ContainerEditJvmOptions1028037130.execute(Unknown Source)
	at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)
	at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)
	at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)
	at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)
	at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)
	at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)
	at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:92)
	at org.apache.karaf.shell.console.jline.Console.run(Console.java:197)
	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1.runConsole(ShellFactoryImpl.java:173)
	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1$1.run(ShellFactoryImpl.java:125)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.karaf.jaas.modules.JaasHelper.doAs(JaasHelper.java:47)
	at org.apache.karaf.shell.ssh.ShellFactoryImpl$ShellImpl$1.run(ShellFactoryImpl.java:123)

      It's not about incorrect credentials, because it fails even with container-edit-jvm-options -u test -p test -f

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-5402 SSHContainers don't have correct RBAC configuration.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-5966 Error executing command: Insufficient credentials when we use JMX Mbeans for creating fabric & ssh containers

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-5118 Invalid BundleContext when installing patch feature to admin:created container

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-5186 container-stop operation may report wrong outcome

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-5443 fabric8 jboss-fuse-full profile is missing some ACL entries for fabric:* commands

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-5619 [itests] ARQ/pax-exam tests affected by package refresh

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              pantinor@redhat.com Paolo Antinori
              avano@redhat.com Andrej Vano
              Andrej Vano Andrej Vano
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: