Bug 2159963

Summary: ForeignKeyViolation on ACS create when invalid --ssl-* argument is provided
Product: Red Hat Satellite Reporter: Vladimír Sedmík <vsedmik>
Component: Alternate Content SourcesAssignee: Quinn James <qjames>
Status: CLOSED ERRATA QA Contact: Chris Roberts <chrobert>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.13.0CC: chrobert, iballou, pcreech
Target Milestone: 6.13.0Keywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: tfm-rubygem-katello-4.7.0.17-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-03 13:24:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vladimír Sedmík 2023-01-11 08:28:43 UTC 
Description of problem:
PG::ForeignKeyViolation: ERROR is shown when trying to create an ACS via hammer and providing non-existent index for --ssl-ca-cert-id, --ssl-client-cert-id, --ssl-client-key-id argument.

The same error is shown for Simplified ACS creation, where these args are not applicable.


Version-Release number of selected component (if applicable):
6.13.0 snap 5


How reproducible:
always


Steps to Reproduce:
1. Have a Satellite with some Prods and Capsules you could refer to in 2.
2. Try to create an ACS:
# hammer alternate-content-source create --alternate-content-source-type simplified --name "Test SACS" --smart-proxy-ids 1,2 --product-ids 1 --content-type yum --ssl-ca-cert-id 2
# hammer alternate-content-source create --alternate-content-source-type simplified --name "Test SACS" --smart-proxy-ids 1,2 --product-ids 1 --content-type yum --ssl-client-cert-id 2
# hammer alternate-content-source create --alternate-content-source-type simplified --name "Test SACS" --smart-proxy-ids 1,2 --product-ids 1 --content-type yum --ssl-client-key-id 2

Note: No content-credential with id=2 exists on the Satellite.


Actual results:
Could not create the Alternate Content Source.:
  PG::ForeignKeyViolation: ERROR:  insert or update on table "katello_alternate_content_sources" violates foreign key constraint "katello_alternate_content_sources_ssl_client_cert_id"
  DETAIL:  Key (ssl_client_cert_id)=(2) is not present in table "katello_content_credentials".


Expected results:
Some wrapping error message for Custom ACS, in case of Simplified ACS some validation and same message as we have for the other not-applicable args (Validation failed: Ssl ca cert must be blank)
Comment 1 Quinn James 2023-02-07 15:41:52 UTC 
Created redmine issue https://projects.theforeman.org/issues/36051 from this bug
Comment 2 Ian Ballou 2023-02-15 17:55:32 UTC 
This is in progress.
Comment 3 Bryan Kearney 2023-02-28 00:03:29 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/36051 has been resolved.
Comment 4 Bryan Kearney 2023-02-28 00:03:49 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/36051 has been resolved.
Comment 6 Chris Roberts 2023-03-17 21:10:05 UTC 
Tested with latest snap and there is now an error message instead of a SQL error for content credential that does not exist. 

# hammer alternate-content-source create --alternate-content-source-type simplified --name "Test SACS" --smart-proxy-ids 1 --product-ids 1 --content-type yum --ssl-ca-cert-id 2
Could not create the Alternate Content Source.:
  Validation failed: Ssl ca cert must be blank

hammer alternate-content-source create --alternate-content-source-type simplified --name "Test SACS" --smart-proxy-ids 1 --product-ids 1 --content-type yum --ssl-client-cert-id 2
Could not create the Alternate Content Source.:
  Validation failed: Ssl client cert must be blank

hammer alternate-content-source create --alternate-content-source-type simplified --name "Test SACS" --smart-proxy-ids 1 --product-ids 1 --content-type yum --ssl-client-key-id 2
Could not create the Alternate Content Source.:
  Validation failed: Ssl client key must be blank

Marking as VERIFIED
Comment 9 errata-xmlrpc 2023-05-03 13:24:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.13 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2097