Bug 996177

Summary: Errors in server log after unassigning and reassigning again the same LDAP group in role assignment UI
Product: [JBoss] JBoss Operations Network Reporter: Sunil Kondkar <skondkar>
Component: UIAssignee: Heiko W. Rupp <hrupp>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: high Docs Contact:
Priority: unspecified    
Version: JON 3.2CC: hrupp, myarboro
Target Milestone: ER03   
Target Release: JON 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-02 20:35:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Screenshot-UI_Warning
none
Server_log none

Description Sunil Kondkar 2013-08-12 15:09:27 UTC 
Description of problem:

Configured the LDAP configuration properties and navigated to role assignment UI. Assigned one LDAP group to the role and saved it. 

Again edited the role and unassigned the ldap group from the role, searched for the same ldap group and reassigned again to the role. 

After clicking save button, the UI displays warning 'Server returned FAILURE with no error message.' The server log displays BatchUpdateException.

Please find attached the UI warning message and server log errors.

Version-Release number of selected component (if applicable):

JBoss ON Version: 3.2.0.ALPHA_QA
Build Number: 1878d58:5e6b489
Postgres 8.3.8

How reproducible:

Always

Steps to Reproduce:

1. Configure the LDAP configuration properties in Administration->System Settings->LDAP Configuration Properties
2. Navigate to Administration->Roles
3. Create a role in Jboss ON and assign a LDAP group ( Ex: testgroup1 ) to the role and save.
4. Click on the role created above to edit.
5. Navigate to 'LDAP Groups' tab.
6. Unassign the LDAP group ( Ex: testgroup1 )
7. Search for the same LDAP group on the role assignment UI ( Ex: testgroup1 - If this step is not performed, the bug will not be reproducible)

8. Assign the same LDAP group again to the JBoss ON role after search.
9. Click on 'Save' button.
10. The JBoss ON UI shows the warning 'Server returned FAILURE with no error message.
11. The server log displays errors.

Actual results:

UI has a warning message and server log has errors

Expected results:

No errors in UI and server log.

Additional info:

1. If unassign a LDAP group and assign another LDAP group..no errors
2. If unassign a LDAP group and without doing a search, if the same LDAP group is assigned again, no errors
3. Reproducible with less than 10 LDAP groups - not an performance related bug. 
4. Reproducible on Windows 2003 AD server and Redhat Directory server 8.2.0
Comment 1 Sunil Kondkar 2013-08-12 15:11:00 UTC 
Created attachment 785749 [details]
Screenshot-UI_Warning
Comment 2 Sunil Kondkar 2013-08-12 15:11:29 UTC 
Created attachment 785751 [details]
Server_log
Comment 3 Heiko W. Rupp 2013-09-25 12:08:22 UTC 
20:24:44,556 WARN  [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (http-/0.0.0.0:7080-2) SQL Error: 0, SQLState: 23505
20:24:44,556 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (http-/0.0.0.0:7080-2) Batch entry 0 insert into RHQ_ROLE_LDAP_GROUP (LDAP_GROUP_NAME, ROLE_ID, ID) values ('sunilgroupad', 10001, 10011) was aborted.  Call getNextException to see the cause.
20:24:44,556 WARN  [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (http-/0.0.0.0:7080-2) SQL Error: 0, SQLState: 23505
20:24:44,556 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (http-/0.0.0.0:7080-2) ERROR: duplicate key value violates unique constraint "rhq_role_ldap_group_idx"

20:24:44,578 ERROR [org.jboss.as.ejb3.invocation] (http-/0.0.0.0:7080-2) JBAS014134: EJB Invocation failed on component RoleManagerBean for method public abstract org.rhq.core.domain.authz.Role org.rhq.enterprise.server.authz.RoleManagerLocal.updateRole(org.rhq.core.domain.auth.Subject,org.rhq.core.domain.authz.Role): 


/org/rhq/enterprise/server/authz/RoleManagerBean.java:468


            for (LdapGroup ldapGroup : currentLdapGroups) {
                if (!newLdapGroups.contains(ldapGroup)) {
                    attachedRole.removeLdapGroup(ldapGroup);
                    entityManager.remove(ldapGroup);
                }

the contains() succeeds and thus the if (!contains()) fails and the block is not removing the old association. Then in the next block that group-role is attached again, but fails, as a group with that name still exits.
Comment 4 Heiko W. Rupp 2013-09-25 12:09:37 UTC 
master 8e3e7bbe8ac0d
Comment 5 Simeon Pinder 2013-10-08 07:41:16 UTC 
Moving to ON_QA for testing.
Comment 6 Sunil Kondkar 2013-10-11 11:17:29 UTC 
Verified on Version: 3.2.0.ER3 Build Number: c0742ed:cbad264

Followed the steps and verified that there are no errors in UI and server log after unassigning and reassigning again the same LDAP group in role assignment UI.