Bug 798509

Summary: Caught "ActiveResource::ServerError in KeysController#destroy " error when deleting the last non-default key which is also the first sshkey.
Product: OKD Reporter: Yujie Zhang <yujzhang>
Component: ocAssignee: Clayton Coleman <ccoleman>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: high    
Version: 2.xCC: rmillner, rpenta, xtian
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-13 18:34:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Error message
none
The first and non-default key
none
In old console page. none

Description Yujie Zhang 2012-02-29 05:39:59 UTC 
Created attachment 566462 [details]
Error message

Description of problem:

Caught "ActiveResource::ServerError in KeysController#destroy " error when deleting the last non-default key which is also the first sshkey.

Version-Release number of selected component (if applicable):
devenv_1649

How reproducible:always


Steps to Reproduce:
1.Go to Openshift website and login
2.Go to My Account page and add the first sshkey as non-default key
3.Try to delete this sshkey
  
Actual results:

Caught "ActiveResource::ServerError in KeysController#destroy " error.Details see in attachment.

Expected results:

The ssh key should be deleted successfully.

Additional info:
Comment 1 Yujie Zhang 2012-02-29 05:41:09 UTC 
Created attachment 566464 [details]
The first and non-default key
Comment 2 Yujie Zhang 2012-02-29 05:41:42 UTC 
Created attachment 566465 [details]
In old console page.
Comment 3 Clayton Coleman 2012-02-29 06:00:00 UTC 
This happens when the user

a) creates their domain
b) creates their first key with a different name than "default"
c) attempts to delete their first key.

I believe delete should succeed here (no reason you can't have 0 keys).

broker.response: "#<Net::HTTPInternalServerError 500 Internal Server Error readbody=true>"
broker.response.body: "{\"type\":null,\"data\":null,\"version\":\"1.0\",\"messages\":[{\"field\":null,\"severity\":\"error\",\"text\":\"Failed to delete SSH key blah for user test4 due to:ERROR: Can't remove all ssh keys for user test4\",\"exit_code\":null}],\"status\":\"internal_server_error\"}"
Comment 4 Yujie Zhang 2012-03-01 03:34:46 UTC 
Verify this bug on devenv-stage_139, it has been fixed now, thanks.
Comment 5 Yujie Zhang 2012-03-01 05:48:13 UTC 
This issue does not always happen,but it did happen some time,so assign it back,please check it again, the following is log message:

Started POST "/app/account/keys/UUUUUUUUUUUUUU" for 203.114.244.88 at Thu Mar 01 00:42:33 -0500 2012
[Barista] Copying all javascripts
  Processing by KeysController#destroy as HTML
  Parameters: {"id"=>"UUUUUUUUUUUUUU", "authenticity_token"=>"R2fzKNJl+GXmMzQ8/pfWBBGinU2TX8dVWWQSZwb6cPc="}
Checking for logout request
Not a logout request, checking for cookie
rh_sso cookie = '0|hPQxPEgOFt0nOell3QbYP4ls43sCvBXuN0A'
User has an authenticated session
Session ticket matches current ticket
Login required
Completed 500 Internal Server Error in 1416ms

ActiveResource::ServerError (Failed.  Response code = 500.  Response message = Internal Server Error.):
  app/controllers/keys_controller.rb:44:in `destroy'
Comment 6 Yujie Zhang 2012-03-02 06:17:13 UTC 
I think this issue happens when the default key is created and it's vaule it empty,just as the condition of attahcment of "In old console page",please check it.
Comment 7 Yujie Zhang 2012-03-16 05:31:03 UTC 
Still has this issue , please check it.
Comment 8 Ravi Sankar 2012-03-19 21:09:43 UTC 
We can allow 0 ssh keys with the domain but cli tools, java client may break during git push, creation of app(cloning repo), etc.
I can think of 2 options:

(1) Allow 0 ssh keys but update cli tools, java client to run rhc-chk or similar cmd which will inform the user about the missing ssh key during git pull/clone etc. failures.

(2) Until cli tools, java client is updated, keep at least 1 ssh key limitation and throw 403 instead of 500 error.

(1) is the right thing to do but I don't know when is the java client gets updated, what else may break without enough testing. For safer side, (2) may be desired.

FYI: To support (1), its a one line change in broker side.
     To enable 403 error in (2), broker can throw different exception to differentiate with genuine 500 errors.
Comment 9 Clayton Coleman 2012-03-19 21:20:51 UTC 
We should talk to the client team.  For the CLI tools, they are calling the old API and so should still be creating a new domain with an ssh key.  The Java tools should be doing that as well.  In order to use the new REST API, both have to make a change.  When they make that change they should fix their code to handle both checking and creating the first key.  So I don't think there's a problem with #1, as long as the old API continues to work.
Comment 10 Ravi Sankar 2012-03-21 18:47:31 UTC 
Fixed. Now we allow 0 ssh keys for the domain.
Comment 11 Yujie Zhang 2012-03-23 07:48:09 UTC 
Verify this bug on devenv_1670, it has been fixed now, thanks.