Bug 1494359

Summary: [UPSTREAM] Unexpected error while deleting network router of cloud tenant
Product: Red Hat CloudForms Management Engine
Reporter: Yadnyawalk Tale <ytale>
Component: UI - OPS
Assignee: Karel Hala <khala>
Status: CLOSED ERRATA
QA Contact: Ganesh Hubale <ghubale>
Severity: medium
Docs Contact:
Priority: high
Version: unspecified
CC: aveselov, ghubale, hkataria, jhardy, khala, maufart, mpovolny, obarenbo, simaishi
Target Milestone: GA
Flags: ytale: automate_bug-
Target Release: 5.10.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: ui:tenant
Fixed In Version: 5.10.0.0
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-02-07 23:02:46 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: Bug
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Openstack
Target Upstream Version:
Embargoed:

Comment 3 Martin Povolny 2017-09-26 12:08:07 UTC
So the problem here is not a simple one to fix.

You cannot delete a network router from a nested list of routers displayed on a cloud tenant. A URL like this:

http://localhost:3000/cloud_tenant/show/10000000000004?display=network_routers

In the cloud_tenant controller there's code that tries to redirect to a GET request to the network_routers controller action delete_network_routers. There is such an action in the code but there's no route in routes.rb for that.

Adding the route there would seemingly fix the issue. BUT it would actually create an XSRF vulnerability. A GET request must NOT do destructive stuff. GET should not change things. And this would be the result if we "fixed" this by adding the route.

The proper fix here is to reimplement the 'delete' function on network routers via the API.

An ugly fix is to add a call to the delete_network_routers function to the CloudTenantController.rb. That would be a mess.

A way to get around the bug is to not show the delete button on the nested list page. Have it only be displayed if on a details page for a network router or when displaying the list of network routers under the network_router controller.

My bet is this never worked.

Handing this over to the OpenStack team for decision and planning.
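
The point in comment 3 about GET routes, as an added example that is not part of the original comment and is not ManageIQ code: a pure-Ruby model of a dispatcher that, like Rails' protect_from_forgery, verifies the CSRF token only on non-GET/HEAD requests, plus a lint that flags safe-verb routes mapped to destructive-looking actions. The route path, token value, router ids and the naming pattern are constructed assumptions; only the action name delete_network_routers comes from the bug.

```ruby
# Added illustration, not ManageIQ code. Route path, token, router ids and
# the destructive-name pattern are constructed for this example.
require 'set'

SAFE_VERBS = Set['GET', 'HEAD'].freeze
DESTRUCTIVE = /\A(delete|destroy|remove)/.freeze # assumed naming convention

Route = Struct.new(:verb, :path, :action)

# Lint: safe-verb routes whose action name looks state-changing.
def unsafe_get_routes(routes)
  routes.select { |r| SAFE_VERBS.include?(r.verb) && r.action.match?(DESTRUCTIVE) }
end

# Minimal dispatcher modelling token-based CSRF protection: the token is
# checked only on non-safe verbs, as Rails' protect_from_forgery does.
class App
  attr_reader :routers

  def initialize(routes, session_token)
    @routes = routes
    @session_token = session_token
    @routers = Set[1, 2, 3] # constructed router ids
  end

  def call(verb, path, id:, csrf_token: nil)
    route = @routes.find { |r| r.verb == verb && r.path == path }
    return 404 unless route
    return 422 unless SAFE_VERBS.include?(verb) || csrf_token == @session_token
    @routers.delete(id) if route.action == 'delete_network_routers'
    200
  end
end

PATH = '/network_router/delete_network_routers' # constructed path
GET_FIX  = [Route.new('GET',  PATH, 'delete_network_routers')].freeze
POST_FIX = [Route.new('POST', PATH, 'delete_network_routers')].freeze

# A cross-site request rides the session but carries no CSRF token.
# Returns [status, router 2 still present?].
def cross_site_delete(routes, verb)
  app = App.new(routes, 'constructed-token')
  status = app.call(verb, PATH, id: 2)
  [status, app.routers.include?(2)]
end
```

With the GET route the token check never runs, so the tokenless request deletes the router; with the same action behind POST it is rejected with 422 and the router survives.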

Comment 4 Andrey 2017-11-09 10:14:07 UTC
Added API delete action for Network Router https://github.com/ManageIQ/manageiq-api/pull/193

Comment 5 Martin Povolny 2018-01-16 07:53:14 UTC
I see no question here so resetting the needinfo flag.

Comment 6 Andrey 2018-02-05 13:00:53 UTC
Hello. After the API for 'delete' was implemented, could you take care of the rest of this BZ, adding a UI fix? Also, I can do it by myself, if it's necessary.

Comment 8 Karel Hala 2018-02-27 08:22:07 UTC
PR is out - https://github.com/ManageIQ/manageiq-ui-classic/pull/3436, however it's blocked by another PR. I will keep this issue updated.

Comment 9 Karel Hala 2018-05-07 08:34:44 UTC
PR was merged, sadly CFME bot did not recognize it.

Comment 11 errata-xmlrpc 2019-02-07 23:02:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:0212