Bug 2048537

Summary: Exposed route host to image registry” connecting successfully to invalid registry “xyz.com”
Product: Migration Toolkit for Containers Reporter: ssingla
Component: ControllerAssignee: Pranav Gaikwad <pgaikwad>
Status: CLOSED ERRATA QA Contact: ssingla
Severity: medium Docs Contact: Richard Hoch <rhoch>
Priority: medium    
Version: 1.7.0CC: apinnick, ernelson, jmatthew, jmontleo, rjohnson, xjiang
Target Milestone: ---   
Target Release: 1.7.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2031101 Environment:
Last Closed: 2022-07-01 09:52:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2031101    
Bug Blocks:    

Description ssingla 2022-01-31 13:10:46 UTC 
+++ This bug was initially created as a clone of Bug #2031101 +++

Severity: Low
Priority: Low

Description of problem: 
When I enter "xyz.com" in "Expose route host to image registry" field, It shows connection successful.

Version-Release number of selected component (if applicable):
MTC 1.7.0
SOURCE CLUSTER: AWS 4.6 
TARGET CLUSTER: AWS 4.9 (CONTROLLER)

How reproducible:
Always

Steps to reproduce:
1.  Login to the MTC console 

2. Go to the “Clusters” page and edit the non-host cluster using Kebab menu 

3. Enter “xyz.com” to the field “Exposed route host to image registry” and Click on “Update Cluster”

Actual result:

The UI shows connection successful

Expected result:

The connection should fail as it is not a valid route.

--- Additional comment from Xin jiang on 2021-12-10 14:33:30 UTC ---

Sachin:

When I enter "xyz.com" in "Expose route host to image registry" field, It shows connection successful.
But this is happening only with this string or sometimes with "xyza.com"
For all others invalid values that I tried, TestConnect is failing as expected.
Comment 1 Pranav Gaikwad 2022-02-28 08:07:48 UTC 
OpenShift image registries listen on API path "/v2". The MigCluster controller simply issues a GET request at the API path on provided Registry URL. If a response is not an error, it validates the Registry URL. If the response results in an error, it fails the validation. Now the fun part, "https://xyz.com/v2" actually is a valid API path and returns a 200 when a GET request is made. Hence this bug. To solve it, we need a more sophisticated health check mechanism to determine whether provided URL is valid or not.
Comment 3 Erik Nelson 2022-03-01 18:04:01 UTC 
Let's evaluate this in the 1.7.1 round and see if it makes sense to backport. It feels bad to be acknowledging that these are healthy when they are in fact, not. It's a bad health check.
Comment 14 errata-xmlrpc 2022-07-01 09:52:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5483