Bug 1889755

Summary: Connection Test() fails with invalid_grant: The provided authorization grant for the auth code has expired.
Product: [oVirt] ovirt-engine-sdk-go Reporter: Artur Socha <asocha>
Component: CoreAssignee: Eli Mesika <emesika>
Status: CLOSED CURRENTRELEASE QA Contact: Lukas Svaty <lsvaty>
Severity: medium Docs Contact:
Priority: medium    
Version: ---CC: bugs, emesika, mperina
Target Milestone: ovirt-4.4.3Flags: sbonazzo: ovirt-4.4?
Target Release: 4.4.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-05 09:12:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1889787    

Description Artur Socha 2020-10-20 14:14:25 UTC 
Description of problem:
Execution of Test() method on Connection object[1] fails with invalid_grant error 
visible in the engine's logs: 

2020-10-20 15:51:42,295+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-34) [1ed6edb1] OAuthException invalid_grant: The provided authorization grant for the auth code has expired.

As the result each time new authentication request is sent.


How reproducible:


Steps to Reproduce:
1. Setup ovirt-engine
2. Build and run code according to instructions: [2]



[1] https://github.com/oVirt/go-ovirt/blob/2d1b618f0c3e9146926c7cf55ed2aae1e7110568/connection.go#L75
[2] https://gist.github.com/arso/1b4316cd5a6a069a0c5526fc330890f2

Additional info:

The reason ovirt engine complains with the error desribed above is the fact that HTTP OPTIONS call does not contain proper token in 'Authorization' header - the value seems to be truncated to 'Authorization: Bearer'
Comment 1 Eli Mesika 2020-10-21 09:04:31 UTC 
I will test the same from Python SDK to see if the problem is in GO or in engine code
Comment 2 Eli Mesika 2020-10-22 10:37:19 UTC 
I didn't manage to reproduce 

Please look at [1] which runs with no problems on my side (just replace all parameters enclosed with "<>" with yours 

1) Did you have "https://" in your URL and it ends with "ovirt-engine/api" as in the example 
2) Do you use the format "user@domain" in user field 
3) Do you have the correct password ?



[1] http://pastebin.test.redhat.com/912239
Comment 3 Artur Socha 2020-10-22 11:27:09 UTC 
I have just realized that I did not add one important instruction. 
Ovirt engine must be deployed from RPM (with httpd). Tested against various 4.4.2 variants. 

ad1) ack to both parts
ad2) yes - in my case admin@internal
ad3) yes (I shared it privately)

When this client is run it will not end with failure - only error log statement in engine.log is issued (the from the bz description).
Comment 4 Eli Mesika 2020-10-22 13:09:58 UTC 
I got input from Artur Socha that this is only happening for engines deployed from RPM (with httpd etc)
Looking at the Go Test code and comparing it to java/python SDK connection validation it seems that we don't need all this complexity 
It is enough to call the system service Get() method and see that it is not throwing an error 

I will push a patch that align Go SDK connection testing with java/python SDK connection testing logic
Comment 5 Eli Mesika 2020-10-25 10:45:06 UTC 
solved in commit 92c1875a918b8e2f4aaf0d6110be9422dfc1ce10