Bug 1331843

Summary: If you don't enter Azure Subscription ID, provider defaults to an unknown subscription and displays errors in GUI and Log.
Product: Red Hat CloudForms Management Engine Reporter: Jeff Teehan <jteehan>
Component: Providers Assignee: Bronagh Sorota <bsorota>
Status: CLOSED ERRATA QA Contact: Jeff Teehan <jteehan>
Severity: high Docs Contact:
Priority: high    
Version: 5.6.0 CC: cpelland, dajohnso, dberger, jfrey, jhardy, obarenbo, simaishi
Target Milestone: GA   
Target Release: 5.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: provider:azure:ui
Fixed In Version: 5.6.0.6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-29 15:56:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeff Teehan 2016-04-29 19:11:10 UTC
Description of problem:
I added a new Azure provider but did not specify a Subscription ID.  Upon save, it defaulted to 9ee63d8e-aee7-4121-861c-d67a5b8d231e

Tried again on a different appliance and a different Azure account, and it defaulted to the same ID of 9ee63d8e-aee7-4121-861c-d67a5b8d231e

Version-Release number of selected component (if applicable):
5.6.0.4-beta2.3.20160421172650_719e256

How reproducible:
Both my system and Sshveta's system.

Steps to Reproduce:
1.  Add an Azure Cloud provider.
2.  Do not enter anything in the subscriber ID field.  (It's not required as of now.)
3.  Save the provider.

Actual results:
If you immediately edit the provider you see the above subscription id.  When you go to provider summary, last refresh may say failed.

[----] E, [2016-04-29T14:59:51.215759 #19372:f2f990] ERROR -- : [Azure::Armrest::UnauthorizedException]: The access token is from the wrong issuer 'https://sts.windows.net/ad645659-ecb0-41a4-a7ad-3ce6d10910bf/'. It must match the tenant 'https://sts.windows.net/2e64678d-2fa8-40ed-8922-c9b8e2c3f100/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/2e64678d-2fa8-40ed-8922-c9b8e2c3f100' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later.  Method:[rescue in block in refresh]


Expected results:
Either don't supply an ID or make the field mandatory.

Additional info:

Comment 2 Daniel Berger 2016-05-06 17:53:39 UTC
I am unable to duplicate this on master. I get subscription e6adc15d-xxx and it reports success. However, it's not impossible that you could get a mismatch between the subscription and the tenant id, as we have seen this before.

In any case, I've submitted a PR to the azure-armrest gem which I believe will solve the problem. It does mean making 1 or more additional HTTP requests if no subscription ID is provided, as there is simply no other way to tell afaik.

https://github.com/ManageIQ/azure-armrest/pull/164

Comment 3 Jeff Teehan 2016-05-06 18:10:18 UTC
A few updates.  It's not immediate.  It could take up to a minute.  Second, it is definitely adding a subscription ID if one is not provided.

1.  Add a new provider without setting the Subscription.
2.  Validate Provider and then Save.
3.  Wait a minute or so, and then Edit Provider.
4.  In all my tries, it now showed a Subscriber ID.

I did this latest test on a new appliance to make sure nothing was being cached.

Can no longer reproduce the case where it retrieves an incorrect Subscription ID.

Comment 5 CFME Bot 2016-05-09 20:45:54 UTC
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/3868db7172ca8a28e7e7dcb2603548531b018ab0

commit 3868db7172ca8a28e7e7dcb2603548531b018ab0
Author:     Bronagh Sorota <bsorota>
AuthorDate: Mon May 9 10:58:55 2016 -0400
Commit:     Bronagh Sorota <bsorota>
CommitDate: Mon May 9 10:58:55 2016 -0400

    Bumped to latest azure-armrest gem
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1331843

 gems/pending/Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 7 Jeff Teehan 2016-05-13 15:44:22 UTC
This looks good.  It's just grabbing the default if one does not exist.  Verified the gem version and moving to Verified for 5606.

Comment 10 errata-xmlrpc 2016-06-29 15:56:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1348
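
The refresh error quoted in the description names two tenants: the one that issued the access token and the one that owns the subscription being refreshed. The Ruby below is an added example, not code from ManageIQ or the azure-armrest gem; it scans log lines for that error and returns both tenant IDs. The regexes are assumptions derived from the single log line in this report, and the sample lines and GUIDs are constructed.

```ruby
# Added example: find wrong-issuer refresh errors and extract both tenants.
# Patterns are assumptions based on the one log line shown in this report.
GUID        = /\h{8}-\h{4}-\h{4}-\h{4}-\h{12}/
ISSUER_RE   = %r{wrong issuer 'https://sts\.windows\.net/(#{GUID})/'}
EXPECTED_RE = %r{must match the tenant 'https://sts\.windows\.net/(#{GUID})/'}
TIME_RE     = /\[(\d{4}-\d{2}-\d{2}T[\d:.]+) #\d+:\h+\]/

TenantMismatch = Struct.new(:time, :token_tenant, :subscription_tenant)

# Returns one TenantMismatch per log line where the tenant that issued the
# token differs from the tenant that owns the subscription being refreshed.
def tenant_mismatches(lines)
  lines.filter_map do |line|
    next unless line.include?("Azure::Armrest::UnauthorizedException")
    issuer   = line[ISSUER_RE, 1]
    expected = line[EXPECTED_RE, 1]
    next if issuer.nil? || expected.nil?   # some other unauthorized error
    next if issuer.casecmp?(expected)      # GUIDs compare case-insensitively
    TenantMismatch.new(line[TIME_RE, 1], issuer.downcase, expected.downcase)
  end
end

# Constructed sample input: placeholder GUIDs, abridged messages.
SAMPLE_LOG = [
  "[----] E, [2016-04-29T14:59:51.215759 #19372:f2f990] ERROR -- : " \
  "[Azure::Armrest::UnauthorizedException]: The access token is from the wrong issuer " \
  "'https://sts.windows.net/11111111-1111-1111-1111-111111111111/'. It must match the tenant " \
  "'https://sts.windows.net/22222222-2222-2222-2222-222222222222/' associated with this subscription.",
  "[----] E, [2016-04-29T15:00:01.000001 #19372:f2f990] ERROR -- : " \
  "[Azure::Armrest::UnauthorizedException]: The access token has expired.",
  "[----] I, [2016-04-29T15:00:02.000001 #19372:f2f990]  INFO -- : Refresh complete",
].freeze

if __FILE__ == $PROGRAM_NAME
  tenant_mismatches(SAMPLE_LOG).each do |m|
    puts "#{m.time}: token from tenant #{m.token_tenant}, " \
         "subscription belongs to tenant #{m.subscription_tenant}"
  end
end
```

A hit means the stored subscription ID belongs to a different directory than the credentials entered for the provider, which is the mismatch the description reports.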