Opened 50 years ago

Last modified 9 years ago

#882 new task

IZ541: Not clear error message when execute add ge adapter command as NOT SDM admin user.

Reported by: marcingoldyn Owned by:
Priority: normal Milestone:
Component: hedeby Version: 1.0
Severity: Keywords: cli
Cc:

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=541]

        Issue #:      541          Platform:     All         Reporter: marcingoldyn (marcingoldyn)
       Component:     hedeby          OS:        All
     Subcomponent:    cli          Version:      1.0            CC:    None defined
        Status:       NEW          Priority:     P3
      Resolution:                 Issue type:    TASK
                               Target milestone: 1.0u5next
      Assigned to:    adoerr (adoerr)
      QA Contact:     adoerr
          URL:
       * Summary:     Not clear error message when execute add ge adapter command as NOT SDM admin user.
   Status whiteboard:
      Attachments:




   Opened: Thu Jul 31 23:26:00 -0700 2008 
------------------------


   Description:
   When a user who is not an SDM admin tries to add a GE Adapter, he ends up with
   an unclear error message. Instead of a proper message that the user is not an SDM
   admin and doesn't have permission to execute this command, he gets a more XML
   parse related exception:

   "Error: com.sun.grid.grm.validate.GrmValidationException: Object validation exception
   Error: Error while searching complex mapping default: permission denied

           at com.sun.grid.grm.service.impl.ge.GEServiceConfigValidator.validate(GEServiceConfigValidator.java:111)
           at com.sun.grid.grm.service.impl.ge.GEServiceConfigValidator.validate(GEServiceConfigValidator.java:55)
           at com.sun.grid.grm.validate.ValidatorService.validate(ValidatorService.java:171)
           at com.sun.grid.grm.validate.ValidatorService.validateChain(ValidatorService.java:294)
           at com.sun.grid.grm.config.XMLUtil.edit(XMLUtil.java:610)
           at com.sun.grid.grm.service.impl.ge.cli.AddGEServiceCliCommand.execute(AddGEServiceCliCommand.java:140)
           at com.sun.grid.grm.cli.AbstractCli.run(AbstractCli.java:268)
           at com.sun.grid.grm.cli.SdmAdm.main(SdmAdm.java:160)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:585)
           at com.sun.grid.grm.util.MainWrapper$SystemRunThread.run(MainWrapper.java:434)"

   Evaluation:

   This issue only shows up when command is not executed as SDM admin user.

   Suggested Fix:

   Check for permission denied exception and add proper message.

   Analysis:

   The problem is in the GEServiceConfigValidator class. In line 101 all Grm Exceptions,
   including the one about access denied, are caught and put into the common XML
   validator list, which contains all XML validation errors. All errors from that
   list are then thrown with GrmValidationException. We need to check in the catch
   block from line 101 if the exception that we get is permission denied related,
   and if yes we will add a proper message related to the exception instead of the
   misleading one, which right now is "Error while searching complex mapping
   default: permission denied" with an XML validation stack trace.

   How to test:

   We need to create a testsuite test. Then try to add a ge adapter to the running
   system as a user who is not the SDM admin user. We should get a proper error message
   that will tell the user exactly what just happened. The test will run successfully if
   the error message matches our proper message defined in this fix.

   ETC:

   2 PD
               ------- Additional comments from marcingoldyn Tue Aug 5 02:20:26 -0700 2008 -------
   *** Issue 548 has been marked as a duplicate of this issue. ***
               ------- Additional comments from torsten Tue Aug 5 02:29:45 -0700 2008 -------
   Maybe the idea of the checkAccessCommand in the analysis section of issue 548
   might be interesting for resolving this task.
               ------- Additional comments from zwierzak Tue Aug 5 02:41:59 -0700 2008 -------
   The idea in issue 548 is not good. The reason is simple: to check if the user is
   the SDMAdmin user you need to use ConfigurationService to get this information. So
   you will get the same message "permission denied". ConfigurationServiceImpl.java
   line 151 throws GrmException and the cause is set from
   AccessControllerException, so the client side is able to identify the problem and
   put a proper descriptive message, as written in the initial analysis.
               ------- Additional comments from afisch Fri Aug 8 01:44:43 -0700 2008 -------
   You are right, it would not be sufficient to check the user status with
   CheckAccessCommand. But it could be extended to clarify the cs connection access
   and the user's access rights at the same time.
   The behavior would be something like this:

   1.) It should state: "could not connect to cs Service. Please check if
   CS@vm@host@port is started and running. " if:
       CS is offline / not connectable
       connection failed / user state unknown

   2.) It should state: "could not connect to cs Service! User could not be
   authenticated. Please get a valid keystore or use the -ppw option." if:
       CS is online && keystore inaccessible/invalid && -ppw option is not used or
   the -ppw login failed
       connection failed / user state unknown

   3.) It should state: "could not connect to cs Service! Server Certificate was
   not trusted " if:
       CS is online && Pemfile inaccessible/invalid && && trust ==> no
       connection failed / user state unknown

   4.) It should state "user is not a sdm admin user, access denied. Please do ... " if
      CS is online && Keystore & Pemfile accessible/valid or access granted by -ppw
   + trust=yes && user != sdmAdmUser
       connection established / user state non sdm admin

   5.) Access granted if
      CS is online && Keystore & Pemfile accessible/valid or access granted by -ppw
   + trust=yes && user == sdmAdmUser
      connection established / user state sdm admin

   The benefits of the command would be:
   1.) A condensed place to verify the connection/access.
   2.) The connection access status can easily be checked before other things
   are done. For example before the edit process of the edit component is
   displayed. This would prevent the user from wasting his time :)

               ------- Additional comments from rhierlmeier Wed Nov 25 07:21:11 -0700 2009 -------
   Milestone changed
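
Added example, not code from the Hedeby/SDM project or from any commenter: a sketch of the check discussed in the Analysis section and in zwierzak's comment, where the catch block inspects the cause chain and reports an authorization failure separately from the XML validation errors. The class `GrmException` here is a reduced stand-in, `lookupComplexMapping` and `validate` are hypothetical, and it is an assumption that the access failure appears in the cause chain as a `java.lang.SecurityException` subclass.

```java
import java.util.ArrayList;
import java.util.List;

public class PermissionAwareValidation {

    // Stand-in for the project's exception type (hypothetical, reduced for the example).
    static class GrmException extends Exception {
        GrmException(String msg, Throwable cause) { super(msg, cause); }
    }

    // Walks the cause chain; the depth bound keeps a cyclic chain from hanging the CLI.
    // Assumption: an access failure shows up as a SecurityException subclass.
    static boolean isPermissionDenied(Throwable t) {
        for (int depth = 0; t != null && depth < 32; depth++, t = t.getCause()) {
            if (t instanceof SecurityException) {
                return true;
            }
        }
        return false;
    }

    // Hypothetical lookup that fails the way the ticket describes for a non-admin caller.
    static void lookupComplexMapping(String name, boolean callerIsAdmin) throws GrmException {
        if (!callerIsAdmin) {
            throw new GrmException("Error while searching complex mapping " + name
                    + ": permission denied", new SecurityException("access denied"));
        }
    }

    // Collects validation errors; an authorization failure is raised on its own
    // and never added to the XML validation error list.
    static List<String> validate(String mapping, String user, boolean callerIsAdmin) {
        List<String> errors = new ArrayList<>();
        try {
            lookupComplexMapping(mapping, callerIsAdmin);
        } catch (GrmException ex) {
            if (isPermissionDenied(ex)) {
                throw new SecurityException("User " + user
                        + " is not an SDM admin user and may not add a GE adapter", ex);
            }
            errors.add(ex.getMessage());
        }
        return errors;
    }

    public static void main(String[] args) {
        System.out.println(validate("default", "admin", true)); // constructed sample input
        try {
            validate("default", "alice", false);
        } catch (SecurityException ex) {
            System.out.println("Error: " + ex.getMessage());
        }
    }
}
```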
