Bug 2054121
| Summary: | API and WebUI must disallow repo create with negative Retain package versions count | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Pavel Moravec <pmoravec> |
| Component: | Repositories | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED ERRATA | QA Contact: | Cole Higgins <chiggins> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.11.0 | CC: | juwatts, sajha, sbible |
| Target Milestone: | 6.11.0 | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-07-05 14:33:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
See also related: Bug 2054123 - hammer repository create ignores --retain-package-versions-count option This should be fixed by changes that went in as part of https://bugzilla.redhat.com/show_bug.cgi?id=2054123 and https://bugzilla.redhat.com/show_bug.cgi?id=2054008. Samir, If this is resolved by the 2 bugzillas mentioned in comment 3, this bugzilla can go to ON_DEV. This will allow the bugzilla to be 'handed off' to QE for verification with the next snap. Any concerns with that approach? Thanks! Hey Brad, That sounds good. QE should be able to test this out with the other 2 BZs. Verified on Sat 6.11 - 18 Note: Retain version count is only visible when setting mirroring policy to Additive Steps to Reproduce: 1. Create (or modify) a repo 2. Set mirroring policy to Additive, and set retain version count to a negative number 3. Save the repo. 4) Attempt to create a repo through hammer with a negative retain version count. Expected results: The UI will not allow you to save a package retain version count with a negative number Hammer command will fail Actual Results: When saving with a negative retain version count, an error card appears letting you know that negative numbers are not valid values for retain version hammer command returns an error, "Validation failed: Retain package versions count must not be a negative value." Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5498 |
Description of problem: It is possible to "create" a repo with negative Retain package versions count. Katello object is created, pulp rejects the repo create request with an error {"retain_package_versions":["Ensure this value is greater than or equal to 0."]} So we end up with katello repo but no pulp repo (and paused/error task). Two pieces of a fix are required: 1) WebUI field to set the value must disallow negative values to be put (in fact I was able to reproduce the problem by a mistake by a) printing there value like 5, b) still focusing on the field and scrolling down on mouse - that lowered the typed number from 5 to e.g. -2) 2) API itself must reject negative values (as hammer or direct API can be used as well) Version-Release number of selected component (if applicable): Sat 7.0 snap 9 How reproducible: 100% Steps to Reproduce: 1. Create (or modify) a repo, set Retain package versions to a negative value 2. Save the repo. 3. Use hammer or direct API call for the same. Actual results: 2. WebUI allows that save. 3. hammer and directly API does allow that as well. (be aware, hammer has a bug that effectively ignores --retain-package-versions-count settings) Expected results: 2. WebUI form does not allow even selecting a negative number. 3. API to reject negative values. Additional info: