Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1518459

Summary: Add missing validations for affinity group, label, users and roles when registering a VM or a Template
Product: [oVirt] ovirt-engine Reporter: Maor <mlipchuk>
Component: Backend.CoreAssignee: Benny Zlotnik <bzlotnik>
Status: CLOSED CURRENTRELEASE QA Contact: Elad <ebenahar>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.2.0CC: amureini, bugs, bzlotnik, mlipchuk, ratamir, ylavi
Target Milestone: ovirt-4.2.1Flags: rule-engine: ovirt-4.2+
ylavi: exception+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: DR
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-12 11:56:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Storage RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1505419    
Attachments:
Description Flags
verification screenshot none

Description Maor 2017-11-28 23:46:33 UTC 
Description of problem:
As part of the DR site to site we added the ability to support other entity attributes such as permissions, affinity group and affinity labels.
All those properties are already part of the entity's OVF.
If some of those properties are missing like role or user, we simply register the entity without those properties.
We should add validations for those properties which will be validated as part of the entity registration process.
For example, we should check if user/role/affinity exists, if not the registration should fail unless the user will register the entity with the partial import flag.
The missing properties should be displayed in an audit log message

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create VM + Add it to an affinity group 
2. detach the storage domain the VM's disks are reside on
3. attach the storage domain to a new DC and register the VM

Actual results:
The VM will be registered without the affinity group

Expected results:
The VM should fail to be registered

Additional info:
Comment 1 Allon Mureinik 2017-11-29 07:30:22 UTC 
Maor, the link to the patch seems to be broken - can you take a look please?
Comment 2 Yaniv Kaul 2017-11-29 13:16:42 UTC 
Severity?
Comment 3 Elad 2018-02-01 11:18:14 UTC 
Hi Benny, I can't see any audit message in case a user/role/affinity-group/label is missing in the DC/cluster where the VM is registered to, after this VM's storage domain was detached from a different DC.
Comment 4 Elad 2018-02-01 11:34:50 UTC 
Tested with rhvm-4.2.1.4-0.1.el7.noarch
Comment 5 Elad 2018-02-01 12:00:38 UTC 
No warning in audit log in Webadmin events is shown, it does in engine.log [1]. 
I think we should also have this logged in the Webadmin. 

Leaving the bug ON_QA for now. Allon/Benny, please add your input, thanks.



[1]

2018-02-01 13:55:57,602+02 WARN  [org.ovirt.engine.core.bll.validator.ImportValidator] (default task-5) [] Affinity group g1 for cluster id df476b9e-8c90-40ae-a9ea-a0ba5bbeaef9 does not match VM cluster id 72112289-46ee-4049-a7a4-bc9f90ac1145
Comment 6 Elad 2018-02-01 14:17:20 UTC 
Created attachment 1389518 [details]
verification screenshot

As seen in the screenshot, in case an entity doesn't exist in the DC (such as affinity group or label), an event is shown in events tab in Webadmin along with log entry in engine.log:


2018-02-01 16:14:13,229+02 WARN  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-69063) [6df7d601-4341-4496-af31-677c1eb0daf4] EVENT_ID: IMPORTEXPORT
_PARTIAL_VM_MISSING_ENTITIES(1,188), The following entities could not be verified and will not be part of the imported VM test: 'Affinity groups: g1 Affinity labels: label Users: elad@internal-authz ' (User: adm
in@internal-authz)


Used rhvm-4.2.1.4-0.1.el7.noarch
Comment 7 Sandro Bonazzola 2018-02-12 11:56:56 UTC 
This bugzilla is included in oVirt 4.2.1 release, published on Feb 12th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.1 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.