Fix deleteAccount API to prevent deletion of the caller#8743
Fix deleteAccount API to prevent deletion of the caller#8743JoaoJandre merged 7 commits intoapache:mainfrom
deleteAccount API to prevent deletion of the caller#8743Conversation
lucas-a-martins
changed the title
deleteAccount API to prevent deletion of the caller
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #8743 +/- ##
=============================================
- Coverage 30.98% 15.54% -15.44%
+ Complexity 33526 11978 -21548
=============================================
Files 5361 5494 +133
Lines 376250 481058 +104808
Branches 54933 59650 +4717
=============================================
- Hits 116564 74779 -41785
- Misses 244259 398019 +153760
+ Partials 15427 8260 -7167
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
I think, on many platforms, users can delete their accounts, right? |
Hey @weizhouapache, It's true that a user can delete their accounts on many plataforms, but on these plataforms the user is responsible for creating their account, which usually isn't the case here. In order to create an account, it is necessary to access another account with permission to perform the operation. This should be the same when trying to delete. If the user has the access, they don't need the API to allow deletion of the caller. Additionally, a single account can be used by multiple users, so I don't think it's right to give every user the power to delete a whole account and, as a consequence, every user within that account. Futhermore, not applying this change could provide a way for the user to circumvent the changes made in the I agree that this kind of flexibility is interesting in scenarios where accounts are independent, being created, used and managed by a single user, however, usually this is not the case in ACS. |
|
Hey @weizhouapache, Are there any further concerns regarding this implementation or can we move on this PR? |
@lucas-a-martins |
bernardodemarco
left a comment
bernardodemarco
left a comment
There was a problem hiding this comment.
LGTM, I manually tested this one in a local environment.
In the environment, I had a root admin account called admin2. I logged in with that account and tried to delete it through the UI. The following error message was returned:
Through CloudMonkey, I also logged in with the admin2 account and tried to delete it, but as expected, the operation was not successful.
delete account id=427f7d98-86a4-4228-a133-ce7b61ba4564
{
"account": "admin2",
"accountid": "427f7d98-86a4-4228-a133-ce7b61ba4564",
"cmd": "org.apache.cloudstack.api.command.admin.account.DeleteAccountCmd",
"completed": "2024-07-23T11:59:34+0000",
"created": "2024-07-23T11:59:34+0000",
"domainid": "ba820fc7-12ea-11ef-9500-d283eea8b15e",
"domainpath": "ROOT",
"jobid": "edf2edf8-1ea2-467c-b571-3c2926c8e89f",
"jobinstanceid": "427f7d98-86a4-4228-a133-ce7b61ba4564",
"jobinstancetype": "Account",
"jobprocstatus": 0,
"jobresult": {
"errorcode": 431,
"errortext": "Deletion of your own account is not allowed. To delete account admin2 (ID: 427f7d98-86a4-4228-a133-ce7b61ba4564, Domain: ba820fc7-12ea-11ef-9500-d283eea8b15e), request to another user with permissions to perform the operation."
},
"jobresultcode": 431,
"jobresulttype": "object",
"jobstatus": 2,
"userid": "f7d6bb91-20a0-4c78-b414-b5f3ce7c6022"
}
🙈 Error: async API failed for job edf2edf8-1ea2-467c-b571-3c2926c8e89f
|
@blueorangutan package |
|
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10447 |
Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com>
Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com>
Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com>
|
@blueorangutan package |
|
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10448 |
|
@blueorangutan package |
|
@JoaoJandre a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 10645 |
|
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 10660 |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10679 |
|
@blueorangutan test |
|
@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests |
|
[SF] Trillian test result (tid-11093)
|
* Fix API deleteAccount deleting caller's account * Remove extra line * Add unit tests and change message * apply suggestion Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com> * remove extra parentheses Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com> * Update server/src/test/java/com/cloud/user/AccountManagerImplTest.java Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com> --------- Co-authored-by: Lucas Martins <lucas.martins@scclouds.com.br> Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com>
7 participants
Description
ACS allows users to delete their own account by calling the
deleteAccountAPI via CLI. Fixing this behavior has been previously suggested in this comment. Furthermore, there's already a feature to prevent a user from deleting their own account via UI; however, slower environments create a small window where it's possible for the user to click the button before it's disabled, allowing deletion even through the UI (see this comment).This pull request addresses this issue by adding a validation that checks the
UUIDof the caller's account and compares it with theUUIDof the account they are trying to delete. If they are the same, an exception is thrown.Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
I tested by creating a new account (Temp) and attempted to delete it using a user in this same account via CloudMonkey.
As expected, an exception was thrown.
Next, I attempted to delete the account via the UI by rapidly clicking the delete icon. Once again, an exception was thrown without deleting the account.