Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2054121

Summary: API and WebUI must disallow repo create with negative Retain package versions count
Product: Red Hat Satellite Reporter: Pavel Moravec <pmoravec>
Component: RepositoriesAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: Cole Higgins <chiggins>
Severity: high Docs Contact:
Priority: high    
Version: 6.11.0CC: juwatts, sajha, sbible
Target Milestone: 6.11.0Keywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-07-05 14:33:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pavel Moravec 2022-02-14 08:41:53 UTC 
Description of problem:
It is possible to "create" a repo with negative Retain package versions count. Katello object is created, pulp rejects the repo create request with an error

{"retain_package_versions":["Ensure this value is greater than or equal to 0."]}

So we end up with katello repo but no pulp repo (and paused/error task).

Two pieces of a fix are required:
1) WebUI field to set the value must disallow negative values to be put (in fact I was able to reproduce the problem by a mistake by a) printing there value like 5, b) still focusing on the field and scrolling down on mouse - that lowered the typed number from 5 to e.g. -2)
2) API itself must reject negative values (as hammer or direct API can be used as well)


Version-Release number of selected component (if applicable):
Sat 7.0 snap 9


How reproducible:
100%


Steps to Reproduce:
1. Create (or modify) a repo, set Retain package versions to a negative value
2. Save the repo.
3. Use hammer or direct API call for the same.


Actual results:
2. WebUI allows that save.
3. hammer and directly API does allow that as well. (be aware, hammer has a bug that effectively ignores --retain-package-versions-count settings)


Expected results:
2. WebUI form does not allow even selecting a negative number.
3. API to reject negative values.


Additional info:
Comment 1 Pavel Moravec 2022-02-14 08:57:25 UTC 
See also related:

Bug 2054123 - hammer repository create ignores --retain-package-versions-count option
Comment 3 Samir Jha 2022-04-19 17:55:40 UTC 
This should be fixed by changes that went in as part of https://bugzilla.redhat.com/show_bug.cgi?id=2054123 and https://bugzilla.redhat.com/show_bug.cgi?id=2054008.
Comment 4 Brad Buckingham 2022-04-28 19:21:15 UTC 
Samir,

If this is resolved by the 2 bugzillas mentioned in comment 3, this bugzilla can go to ON_DEV.  This will allow the bugzilla to be 'handed off' to QE for verification with the next snap.  Any concerns with that approach?

Thanks!
Comment 5 Samir Jha 2022-04-28 19:37:05 UTC 
Hey Brad,

That sounds good. QE should be able to test this out with the other 2 BZs.
Comment 6 Sam Bible 2022-05-02 18:49:48 UTC 
Verified on
Sat 6.11 - 18

Note: Retain version count is only visible when setting mirroring policy to Additive 
Steps to Reproduce:
1. Create (or modify) a repo
2. Set mirroring policy to Additive, and set retain version count to a negative number
3. Save the repo.
4) Attempt to create a repo through hammer with a negative retain version count.

Expected results:
The UI will not allow you to save a package retain version count with a negative number
Hammer command will fail

Actual Results:
When saving with a negative retain version count, an error card appears letting you know that negative numbers are not valid values for retain version
hammer command returns an error, "Validation failed: Retain package versions count must not be a negative value."
Comment 9 errata-xmlrpc 2022-07-05 14:33:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5498