Bug 1740860

Summary: Tower provider throws error when using v2 api endpoint
Product: Red Hat CloudForms Management Engine Reporter: ecrosby
Component: ProvidersAssignee: Adam Grare <agrare>
Status: CLOSED EOL QA Contact: Nandini Chandra <nachandr>
Severity: medium Docs Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Priority: medium    
Version: 5.11.0CC: agrare, akarol, dmetzger, gocallag, greartes, guillaume.pavese, irshad.ahmed, jfrey, jhardy, mheppler, mparkins, ngupta, obarenbo, phoffmann, saali, simaishi
Target Milestone: GAKeywords: TestOnly, ZStream
Target Release: 5.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: testathon
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1794046 1794047 (view as bug list) Environment:
Last Closed: 2020-03-25 18:03:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: Bug
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1794046    

Description ecrosby 2019-08-13 18:17:06 UTC
Description of problem:
"Ansible Tower fails to sync when explicitly using v2 API.
Add an Ansible Tower Provider using the 'v2' API ( i.e https://tower.example.com/api/v2 ). 

Version-Release number of selected component (if applicable):


How reproducible:
Consistently

Steps to Reproduce:
"Ansible Tower fails to sync when explicitly using v2 API.
Add an Ansible Tower Provider using the 'v2' API ( i.e https://tower.example.com/api/v2 ). 
Force provider referesh. 
Tail evm.log.
Ansible Tower Provider will fail to sync with error like:
- MIQ(ManageIQ::Providers::AnsibleTower::AutomationManager::Refresher#refresh) EMS: [Tower Automation Manager], id: [99000000000005] Unable to perform refresh for the following targets:
- undefined method `vault_password' for #<AnsibleTowerClient::Credential::Inputs:0x000055eea78a7578>  Method:[block (2 levels) in <class:LogProxy>]"

Comment 2 Adam Grare 2019-08-13 18:21:34 UTC
You shouldn't have to explicitly pass the version in the URL, we will automatically build the URL in the provider code.
Why did you explicitly want v2?  V1 is deprecated but still on all supported versions of tower.

Comment 3 ecrosby 2019-08-13 18:25:53 UTC
Adam-
   This is part of the testathon we're doing. We saw an RFE for v2, so we tested it out! 

Tower version 3.4.1 

Differ URI settings and results--

With this:
https://tower.example.com/api/v1
I get this for validate:
Credential validation was successful

With this:
https://tower.example.com/api/v2
I get this for validate:
Credential validation was successful

With this:
https://tower.example.com/api/
I get this for validate:
Credential validation was not successful: {:headers=>{"server"=>"nginx/1.12.2", "date"=>"Tue, 13 Aug 2019 18:11:52 GMT", "content-type"=>"application/json", "content-length"=>"55", "connection"=>"close", "vary"=>"Accept, Accept-Language, Cookie", "x-api-total-time"=>"0.037s", "content-language"=>"en"}, :status=>404, :body=>"{\"detail\":\"The requested resource could not be found.\"}", :url=>#<URI::HTTPS https://tower.example.com/api/me/>}

With this:
https://tower.example.com/
I get this for validate:
Credential validation was not successful: {:headers=>{"server"=>"nginx/1.12.2", "date"=>"Tue, 13 Aug 2019 18:10:56 GMT", "content-type"=>"text/html; charset=utf-8", "content-length"=>"3767", "connection"=>"close", "vary"=>"Accept-Language, Cookie", "x-api-total-time"=>"0.084s", "content-language"=>"en"}, :status=>404, :body=>"\n\n\n\n\n<!DOCTYPE html>\n<html>\n <head>\n \n\n \n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n <meta name=\"robots\" content=\"NONE,NOARCHIVE\" />\n \n\n <title>Not Found &middot; AWX</title>\n\n \n\n<link href=\"/static/assets/favicon.ico?v=3.4.1\" rel=\"shortcut icon\" />\n\n \n <link rel=\"stylesheet\" type=\"text/css\" href=\"/static/rest_framework/css/bootstrap.min.css\" />\n <link rel=\"stylesheet\" type=\"text/css\" href=\"/static/api/api.css?v=3.4.1\" />\n\n\n <link rel=\"stylesheet\" type=\"text/css\" href=\"/static/rest_framework/css/prettify.css\"/>\n <link rel=\"stylesheet\" type=\"text/css\" href=\"/static/rest_framework/css/default.css\"/>\n \n\n<style type=\"text/css\">\ndiv.request-info,\ndiv.response-info span.meta {\n display: none;\n}\n</style>\n\n\n \n </head>\n\n \n <body class=\"\">\n\n <div class=\"wrapper\">\n \n <div class=\"navbar navbar-fixed-top\">\n <div class=\"container\">\n <div class=\"navbar-header\">\n <a class=\"navbar-brand\" href=\"/\">\n <img class=\"logo\" src=\"/static/assets/logo-header.svg\">\n </a>\n <a class=\"navbar-title\" href=\"/me/\">\n <span>&nbsp;&mdash; Not Found</span>\n </a>\n </div>\n </div>\n </div>\n\n\n <div class=\"container\">\n \n\n <!-- Content -->\n <div id=\"content\" role=\"main\" aria-label=\"content\">\n \n\n <div class=\"region\" aria-label=\"request form\">\n \n\n \n\n \n\n \n </div>\n\n <div class=\"content-main\" role=\"main\" aria-label=\"main content\">\n <div class=\"page-header\">\n <h1>Not Found</h1>\n </div>\n <div style=\"float:left\">\n \n \n \n </div>\n\n \n\n <div class=\"request-info\" style=\"clear: both\" aria-label=\"request info\">\n <pre class=\"prettyprint\"><b>GET</b> /me/</pre>\n </div>\n\n <div class=\"response-info\" aria-label=\"response info\">\n <pre class=\"prettyprint\"><span class=\"meta nocode\"><b>HTTP </b>\n\n\n\n</span><span class=\"nocode\">The requested resource could not be found.</span></pre>\n </div>\n </div>\n\n \n \n </div><!-- /.content -->\n </div><!-- /.container -->\n </div><!-- ./wrapper -->\n\n \n\n \n<div id=\"footer\">\n <div class=\"container\">\n <div class=\"row\">\n <div class=\"col-sm-6\">\n </div>\n <div class=\"col-sm-6 footer-copyright\">\n Copyright &copy; 2017 <a href=\"http://www.redhat.com\" target=\"_blank\">Red Hat</a>, Inc. All Rights Reserved.\n </div>\n </div>\n </div>\n</div>\n<div class=\"hidden\">\n <a class=\"hide-description pull-right js-tooltip\" href=\"#\" title=\"Hide Description\"><span class=\"glyphicon glyphicon-remove-sign\"></span></a>\n <a class=\"toggle-description js-tooltip\" href=\"#\" title=\"Show/Hide Description\"><span class=\"glyphicon glyphicon-question-sign\"></span></a>\n</div>\n\n <script>\n window.drf = {\n csrfHeaderName: \"X-CSRFToken\",\n csrfCookieName: \"csrftoken\"\n };\n </script>\n <script src=\"/static/rest_framework/js/jquery-1.12.4.min.js\"></script>\n <script src=\"/static/rest_framework/js/ajax-form.js\"></script>\n <script src=\"/static/rest_framework/js/csrf.js\"></script>\n <script src=\"/static/rest_framework/js/bootstrap.min.js\"></script>\n <script src=\"/static/rest_framework/js/prettify-min.js\"></script>\n <script src=\"/static/rest_framework/js/default.js\"></script>\n <script>\n $(document).ready(function() {\n $('form').ajaxForm();\n });\n </script>\n \n<script src=\"/static/api/api.js?v=3.4.1\"></script>\n\n\n </body>\n \n</html>\n", :url=>#<URI::HTTPS https://tower.example.com/me/>}

Comment 4 Adam Grare 2019-08-13 18:39:07 UTC
Alex can you take a look at why this is failing?  Pretty sure we were stripping the version off in the ansible tower client but maybe I'm thinking of something else

Comment 5 Alexander Zagaynov 2019-08-13 19:00:31 UTC
Hi,

You should enter URL to v2 API explicitly.
If you enter just hostname without path, it will automatically try to use v1: https://github.com/ManageIQ/manageiq-providers-ansible_tower/blob/88aa135c1acd6146a17d01ad5ecbf65540c5890f/app/models/manageiq/providers/ansible_tower/shared/provider.rb#L64

If you enter any other path in the URL (like just `/api` in the comment #3) - it will not work (https://github.com/ManageIQ/manageiq-providers-ansible_tower/blob/88aa135c1acd6146a17d01ad5ecbf65540c5890f/app/models/manageiq/providers/ansible_tower/shared/provider.rb#L57)

I see two comments with opposite observations, at the comment #1 you saying that you getting an error when enter URL with `/api/v2`, at the comment #3 you saying that it validation was successful. Which one is true?

Comment 6 ecrosby 2019-08-13 19:15:26 UTC
I see two comments with opposite observations, at the comment #1 you saying that you getting an error when enter URL with `/api/v2`, at the comment #3 you saying that it validation was successful. Which one is true?

User Validation is successful with v2, but Tower fails to Sync.

Comment 8 Alexander Zagaynov 2019-08-14 13:22:25 UTC
Looks like some Tower's API fields are not mandatory even if documented https://docs.ansible.com/ansible-tower/latest/html/towerapi/api_ref.html#/Credentials/Credentials_credentials_read
PR: https://github.com/ansible/ansible_tower_client_ruby/pull/132

Comment 9 Alexander Zagaynov 2019-09-02 09:46:03 UTC
PR merged

Comment 10 Irshad Ahmed 2019-10-17 05:04:04 UTC
Hi Everyone,

When can we expect a fix for this?
We are also facing the same issue

Regards
Irshad

Comment 11 Alexander Zagaynov 2019-10-17 11:19:13 UTC
Ahmed, fix is ready and merged, you should probably update your app.

Comment 12 Irshad Ahmed 2019-10-17 21:24:58 UTC
Hi Alexander,

We are using this version of cfme

cfme-appliance-common-5.10.11.0-1.el7cf.x86_64
cfme-appliance-5.10.11.0-1.el7cf.x86_64
cfme-gemset-5.10.11.0-1.el7cf.x86_64
cfme-appliance-tools-5.10.8.0-1.el7cf.x86_64
rubygem-redhat_access_cfme-2.0.3-1.el7cf.noarch
cfme-5.10.11.0-1.el7cf.x86_64

We updated it yesterday but still had the same issue
But for a workaround we created a vault password in Ansible and that seems to fix the issue

Regards
Irshad

Comment 13 Alexander Zagaynov 2019-10-21 11:42:35 UTC
Satoe, can you please check, was this backported to the mentioned version?

Comment 14 Satoe Imaishi 2019-10-29 02:20:36 UTC
Sorry, missed needinfo. This isn't fixed in any 5.10.z release yet.

Comment 16 Adam Grare 2020-01-06 18:54:45 UTC
*** Bug 1788106 has been marked as a duplicate of this bug. ***

Comment 17 mheppler 2020-01-10 11:11:58 UTC
Hi,

please, is this fixed in any production version?

Thanks, mheppler

Comment 18 gocallag 2020-01-14 00:01:49 UTC
Hi mheppler,  Just thought i'd let you know I got around this by putting the full api url in the MIQ ansible provider URL - eg https://blah.local/api/v2  rather than just https://blah.local/ -  I'm assuming this will also work for Cloudforms (haven't tried) but this works talking from MIQ to Tower 3.6.3.  /api/v1 was removed in Tower 3.6

Comment 19 mheppler 2020-01-14 13:13:03 UTC
Hi gocallag,

thank you, but when customer specify API version, CF starts messing with URL: 

https://tower/api/v2/project_updates/api/v2/project_updates/18352/

And with missing API version, CF are not able to validate credentials.

Comment 20 mheppler 2020-01-16 08:34:11 UTC
Hi,

please, is this fixed in any production version? Or when it will be fixed?

Thanks, mheppler

Comment 21 Adam Grare 2020-01-20 15:00:37 UTC
Hi mheppler, this has been triaged and has a target release of 5.11.3

Comment 22 Adam Grare 2020-01-20 18:48:14 UTC
*** Bug 1792570 has been marked as a duplicate of this bug. ***

Comment 25 CFME Bot 2020-01-23 15:22:41 UTC
New commit detected on ManageIQ/manageiq-providers-ansible_tower/master:

https://github.com/ManageIQ/manageiq-providers-ansible_tower/commit/06c76fab1b0b8487f55fae6ddd88b8b44cf7ce33
commit 06c76fab1b0b8487f55fae6ddd88b8b44cf7ce33
Author:     Adam Grare <agrare@redhat.com>
AuthorDate: Wed Jan 22 09:56:31 2020 -0500
Commit:     Adam Grare <agrare@redhat.com>
CommitDate: Wed Jan 22 09:56:31 2020 -0500

    Bump ansible_tower_client to v0.20.2

    Pull in fixes for using the ansible_tower v2 API

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1740860

 manageiq-providers-ansible_tower.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 26 phospi 2020-02-26 16:24:45 UTC
is there going to be a backport to 5.10?

Comment 27 Adam Grare 2020-02-26 16:41:33 UTC
This was backported to 5.10.z (https://bugzilla.redhat.com/show_bug.cgi?id=1794047) and released in version 5.10.15