It is not possible to change Controller_org_ID in the App-controler-configuration

[elfriedegoetz]

[Build] docker 17.7 2018/06/11

[Steps to reproduce] log in to App-Controller-configuration xxx:8881/oscm-app/ edit  "Organization ID" to a different organization "ab6b5473" log in to AWS-Controler xxx:8881/oscm-app-aws

[Expected result] should be work

[Observed result] is not possible

[Details] In the "bssapp" db the BSS_USER_ID for ess.aws is administrator, but this is not a user of the organisation "ab6b5473"

[GoebelL]

The steps required to change the reponsible organization should be same for all controllers. This is as described in OSIntegration.pdf, 4.5 Changing the Responsible Organization:

change the technology provider organization responsible for the IaaS service controller using the Web interface of APP:

1. In a Web browser, access the Web interface (base URL) of APP. The access URL has the following format: https://:/oscm-app is the name and the fully qualified domain name of the machine where the oscm-app container has been deployed, is the port to address the machine (default: 8881), oscm-app is the default context root of APP and cannot be changed.
2. Log in with the ID and password of the user specified for BSS_USER_KEY in the configuration settings for APP or as another administrator of the same organization.
3. Specify the technology provider organization for the service controller, ess.....
4. Save the settings.
5. Make sure that the configuration settings for the service controller are updated. Any technology manager registered for the technology provider organization you specified can log in to the graphical user interface for updating the controller configuration settings (see above). At least the ID and password of the user to be used for accessing OSCM must be changed in the controller configuration settings.

[GoebelL]

Platform Operator should always have access to controller UIs. Check issue #23.

[GoebelL]

@marcin-fest (or @fest-floreks?) Please check the documented steps listed above. If changes are required, it'll be nice if you write the details and assign this to @gertipoppel for adaption.

[ghost]

I am looking at it now. I have just finished to test VMware controller and everything seems to work correctly - after changing Organization ID I am able to login with new user and with main administrator:

Now I will test it OpenStack controller.

On the first image you can see a bug, that I will report soon.

[ghost]

When testing AWS and OpenStack controllers I am failing to login as new user and as an administrator. I will investigate it:

[ghost]

Okay, so I have investigated it with @kowalczyka it seems that @elfriedegoetz steps are incorrect considering current implementation.

Correct steps to change user at the moment are:

Login to specific controller's UI with user that is able to view it, i.e. https://10.140.18.123:8881/oscm-app-aws/ for AWS controller. After logging in you can change user credentials:

After saving this configuration you have to go back to https://10.140.18.123:8881/oscm-app/ and modify Organization ID:

After changes in these two locations you should be able to login with the new user from another organization. It is important that:

• data in oscm-app-* and oscm-app has to be in sync
• in order to keep the data in sync you have to start updates with changes in oscm-app-* UI

I think this should be improved and all this data should be changeable from oscm-app if there is no functional/client requirement saying otherwise.

[ghost]

PTAL @elfriedegoetz @GoebelL

[ghost]

And there is one more issue - there is no way to change user ID, key and password for VMware controller in the UI it seems. At least, from /oscm-app-vmware endpoint.

[GoebelL]

@marcin-fest Thanks for the analysis. I can also confirm that the organization is changeable with the described procedure. Thus it's working as designed.

there is no way to change user ID, key and password for VMware controller in the UI it seems. At least, >from /oscm-app-vmware endpoint.

That's true. @elfriedegoetz has already reported this as issue #122. There is a fix in progress by @xusuest.

This issue is closed.

[elfriedegoetz]

It is not possible to change the Controler_ID for vmware. see Bug 122

[elfriedegoetz]

It is not possible to Change the Controller ID for aws: step1: Install docker with sample data step2: Login to APP with administrator passwoed admin123 step3: Change Organisation ID for ess.aws to PLATFORM_OPERATOR step4: click save step5: Login to aws Controller with supplier@adfs.com Password supplier step6: click save error message: *** User does not belong to the correct organization.

[GoebelL]

This works as expected because supplier@adfs.com is not member of PLATFORM_OPERATOR.

[GoebelL]

If you want to change the organization you should proceed as described in the documentation - see above.

[elfriedegoetz]

The behavior is strange, therefore it is not easy to test and describe. I suspect that the data is not always read from the database. I have tested again for vmware Controller.

step1: Install docker with sample data step2: Login to APP with "administrator password admin123" step3: Change Organisation ID for ess.vmware to PLATFORM_OPERATOR step4: click save step5: Login to vmware Controller with "administrator password admin123" step6: change BSS_USER_ID to administrator 1000 admin123 step7: click save works fine

now I Change the Organisation ID back to "959c9bf7"

step1: Login to APP with "administrator password admin123" step2: Change Organisation ID for ess.vmware to 959c9bf7 step3: click save step4: Login to vmware Controller with "administrator password admin123" Login is not possible for administrator. Login for "supplier@adfs.com" Password supplier works fine.

note: I tested with Firefox private mode to make sure that nothing is stored in the browser

[elfriedegoetz]

tha same for aws controller

[elfriedegoetz]

sorry, above I mean Organisation ID for the Controller and NOT Controller ID

[kowalczyka]

If you change the organization id so that not PLATFORM_OPERATOR is used, the administrator (PLATFORM_OPERATOR organization) will no longer be able to login to controller UI

[elfriedegoetz]

Okay: It works as described from Goebel above. (see commented on Jun 22 ) But Platform Operator should always have access to controller UIs. see comment from Goebell above. I am not sure if this is still necessary.

[ghost]

But Platform Operator should always have access to controller UIs

Are you 100% sure about it?

see comment from Goebell above.

Which comment?

[elfriedegoetz]

GoebelL commented on Jun 26 or it ther a misunderstanding?

[ghost]

GoebelL commented on Jun 26 or it ther a misunderstanding?

Okay, in my opinion we should create separate issue for it and close this one.

[GoebelL]

Lots of duplicate reporting. Please check the open issues before filing new ones.

in my opinion we should create separate issue for it and close this one.

Not needed. The missing access for the platform administrator is reported in issue #23. This one is closed.