Bug 2224113
| Summary: | ACS bulk refresh through API silently sanitizes input ids | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Quinn James <qjames> |
| Component: | Alternate Content Sources | Assignee: | Samir Jha <sajha> |
| Status: | CLOSED ERRATA | QA Contact: | Vladimír Sedmík <vsedmik> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.13.0 | CC: | iballou, pcreech, rlavi, sajha, vsedmik |
| Target Milestone: | 6.14.0 | Keywords: | Triaged |
| Target Release: | Unused | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | rubygem-katello-4.9.0.11-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2023-11-08 14:19:57 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Quinn James
2023-07-19 19:48:19 UTC
I just confirmed this behavior also occurs for bulk delete of alternate content sources.

Created redmine issue https://projects.theforeman.org/issues/36634 from this bug

Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/36634 has been resolved.

Verified in 6.14.0 snap 11

1) Invalid ids are caught on bulk actions and proper error message is displayed:

[root@sat ~]# curl -X POST -su admin:nene -H "Content-type: application/json" https://$(hostname)/katello/api/alternate_content_sources/bulk/refresh --data '{"ids": [1,2,3]}' | jq
{
  "displayMessage": "Could not find alternate content sources with id: [\"3\"] . You either do not have required permissions, or these alternate content sources do not exist.",
  "errors": [
    "Could not find alternate content sources with id: [\"3\"] . You either do not have required permissions, or these alternate content sources do not exist."
  ]
}

[root@sat ~]# curl -X PUT -su admin:nene -H "Content-type: application/json" https://$(hostname)/katello/api/alternate_content_sources/bulk/destroy --data '{"ids": [1,2,3]}' | jq
{
  "displayMessage": "Could not find alternate content sources with id: [\"3\"] . You either do not have required permissions, or these alternate content sources do not exist.",
  "errors": [
    "Could not find alternate content sources with id: [\"3\"] . You either do not have required permissions, or these alternate content sources do not exist."
  ]
}

2) Valid ids are accepted and actions run:

[root@sat ~]# curl -X POST -su admin:nene -H "Content-type: application/json" https://$(hostname)/katello/api/alternate_content_sources/bulk/refresh --data '{"ids": [1,2]}' | jq
{
  "id": "37491c3a-940b-40fa-8f14-585128b92086",
  "label": "Actions::BulkAction",
  "pending": true,
  "action": "Bulk action",
  ...
}

[root@sat ~]# curl -X PUT -su admin:nene -H "Content-type: application/json" https://$(hostname)/katello/api/alternate_content_sources/bulk/destroy --data '{"ids": [1,2]}' | jq
{
  "id": "eda91f3e-62ef-4ada-b65c-0620ab02fc3e",
  "label": "Actions::BulkAction",
  "pending": true,
  "action": "Bulk action",
  ...
}

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Important: Satellite 6.14 security and bug fix update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6818
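
The difference between the reported behaviour (ids silently dropped) and the verified behaviour (the whole bulk request rejected, with the unresolved ids named) can be shown with an added Ruby example. This is not Katello's code: `BulkIdError`, `resolve_silently`, `resolve_strictly` and the `VISIBLE_IDS` sample set are hypothetical names and constructed data.

```ruby
require 'set'

# Hypothetical error type for this example (not a Katello class).
class BulkIdError < StandardError
  attr_reader :missing

  def initialize(missing)
    @missing = missing
    # One message for "does not exist" and "not permitted", so the response
    # does not reveal which of the two applies to a given id.
    super("Could not find alternate content sources with id: #{missing.inspect}")
  end
end

# Constructed sample data: ids of the alternate content sources the caller can
# see. Ids are compared as strings, as in the error output quoted above.
VISIBLE_IDS = Set['1', '2'].freeze

# Reject malformed input and normalise ids to de-duplicated strings.
def normalize_ids(ids)
  raise ArgumentError, 'ids must be a non-empty array' unless ids.is_a?(Array) && !ids.empty?

  ids.map { |id| id.to_s.strip }.uniq
end

# Behaviour described in the bug summary: ids that cannot be resolved are
# dropped without notice, so the caller cannot tell that part of the request
# was ignored.
def resolve_silently(ids, visible = VISIBLE_IDS)
  normalize_ids(ids).select { |id| visible.include?(id) }
end

# Behaviour shown in the verification: one unresolved id fails the whole
# request before any record is refreshed or destroyed.
def resolve_strictly(ids, visible = VISIBLE_IDS)
  requested = normalize_ids(ids)
  missing = requested.reject { |id| visible.include?(id) }
  raise BulkIdError.new(missing) unless missing.empty?

  requested
end
```

Resolving every id before the action starts keeps a bulk refresh or destroy all-or-nothing, so a mistyped or unauthorised id surfaces as an error instead of a partial, unreported result.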