Bug 1124891 - [oVirt][Foreman] return a proper error message on root password policy violation
Summary: [oVirt][Foreman] return a proper error message on root password policy violation
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: General
Version: ---
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: ovirt-4.2.0
: ---
Assignee: Yaniv Bronhaim
QA Contact: Petr Kubica
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-30 14:56 UTC by Moti Asayag
Modified: 2019-04-28 13:59 UTC (History)
11 users (show)

Fixed In Version: vt13
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-07-04 12:22:05 UTC
oVirt Team: Infra
rule-engine: ovirt-4.2+
ylavi: planning_ack+
rule-engine: devel_ack+
pstehlik: testing_ack+


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 34973 master MERGED Parsing http body return on error and improve output Never
oVirt gerrit 35201 ovirt-engine-3.5 MERGED Parsing http body return on error and improve output Never

Description Moti Asayag 2014-07-30 14:56:30 UTC
Description of problem:
Since foreman prevents root passwords shorter than 8 characters, it should be enforced on the engine side as well - both on UI and backend.

Version-Release number of selected component (if applicable):
commit ac985911a69317a6a974f3a0b754b5cddf177bad

How reproducible:
always

Steps to Reproduce:
1. Add a host with password shorter than 8 characters

Actual results:
The action fails with a generic message ("Cannot connect to provider").

Expected results:
Unsupported passwords should be blocked on engine-side

Comment 1 Oved Ourfali 2014-08-05 09:42:13 UTC
The policy for that may vary depending on configuration on the Foreman side.
I suggest to give a proper error message in this case, instead of validating.

Changed the title accordingly.

Comment 2 Yaniv Bronhaim 2014-10-21 10:01:00 UTC
when the password is too short, or failed in any foreman's validation, we receive Authorized user admin(Admin User)
Connected to server.
Client connected.
Unprocessable entity Host::Discovered (id: 14):
  Root password should be 8 characters or more

  Rendered api/v2/errors/unprocessable_entity.json.rabl within api/v2/layouts/error_layout (22.2ms)
Completed 422 Unprocessable Entity in 3317ms (Views: 55.0ms | ActiveRecord: 636.3ms)


in engine's side, i can just see the HTTP Status-Code 422.
so its either having specific handling for status-code 422 or leaving the general handling which says "Error while executing action New Host: Failed to communicate with the external provider."

it would be much nicer if foreman would had to the response body the fail reason, but currently that's not the case..

Comment 3 Yaniv Bronhaim 2014-11-11 10:52:20 UTC
Foreman sends the response nicely now. this response in bare English which is a bit problematic to expose to the ui. For now I keep throw PROVIDER_FAILURE and full description will be reported in engine.log. is that enough or you have better suggestion here?

Comment 4 Oved Ourfali 2014-11-16 11:12:25 UTC
(In reply to Yaniv Bronhaim from comment #3)
> Foreman sends the response nicely now. this response in bare English which
> is a bit problematic to expose to the ui. For now I keep throw
> PROVIDER_FAILURE and full description will be reported in engine.log. is
> that enough or you have better suggestion here?

I think it is enough. 
Question for the future - Any way to sent the locale to Foreman as well?

Also, please port to ovirt-engine-3.5.

Comment 5 movciari 2015-04-13 14:02:35 UTC
vt13 is a 3.5 build and this bug has 3.6 target release, also, we don't have 3.6 build so it shouldn't be ON_QA yet
Could you fix the status and fixed in version, please?

Comment 6 Yaniv Bronhaim 2015-04-21 15:10:34 UTC
so it was fixed as part of 3.5 build. means that any 3.6 build should include it

Comment 9 movciari 2016-02-24 17:21:55 UTC
webadmin dialog says: Error while executing action New Host: Failed to communicate with the external provider, see log for additional details.
engine.log is not much more informative

Comment 10 Red Hat Bugzilla Rules Engine 2016-02-24 17:22:01 UTC
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.

Comment 11 Yaniv Bronhaim 2016-02-24 18:39:32 UTC
I don't recall the versions we used to work with - but foreman api used to return json response - {'error': 'Root password should be 8 characters or more'} which the patch for that bug adds to engine.log. as it seems - now foreman doesn't return any object. 

Ohad, can you take a look? maybe its an old version or we use old api path?
movciari says that he's using foreman 6.1.3

snip
---

2016-02-24 15:15:58 [I] Authorized user admin(Admin User)
2016-02-24 15:16:00 [E] Unprocessable entity Host::Discovered (id: 6):
  Root password should be 8 characters or more

2016-02-24 15:16:00 [I]   Rendered api/v2/errors/unprocessable_entity.json.rabl within api/v2/layouts/error_layout (2.0ms)
2016-02-24 15:16:00 [I] Completed 422 Unprocessable Entity in 1467ms (Views: 25.6ms | ActiveRecord: 82.0ms)
2016-02-24 15:16:26 [I] init config for SecureHeaders::Configuration
2016-02-24 15:16:31 [I] Client connected.

--

Comment 14 Ohad Levy 2016-03-07 12:42:45 UTC
it should provide that in a clean error hash, can you provide the json api response here?

Comment 15 Sandro Bonazzola 2016-05-02 09:48:53 UTC
Moving from 4.0 alpha to 4.0 beta since 4.0 alpha has been already released and bug is not ON_QA.

Comment 16 Yaniv Lavi 2016-05-23 13:13:33 UTC
oVirt 4.0 beta has been released, moving to RC milestone.

Comment 17 Oved Ourfali 2017-07-04 12:22:05 UTC
I don't see us prioritizing that.
Closing as WONTFIX.

Comment 18 Lukas Svaty 2017-07-14 07:38:05 UTC
Oved: Maybe we can consider at least to be documented, either hint inside WA portal on password or mentioned inside external provides documentation?

Petr: Can you please check if this is documented somewhere? (UI Portals, docuemtnation pages)

Comment 19 Oved Ourfali 2017-07-24 11:21:32 UTC
(In reply to Lukas Svaty from comment #18)
> Oved: Maybe we can consider at least to be documented, either hint inside WA
> portal on password or mentioned inside external provides documentation?
> 

I don't think it worth the efforts around it.


Note You need to log in before you can comment on or make changes to this bug.