Bug 1139533 - Invalid action group identifiers in the roles_groups table trigger NPE
Summary: Invalid action group identifiers in the roles_groups table trigger NPE
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-core
Version: 3.5
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: ---
: 3.5.0
Assignee: Ravi Nori
QA Contact: Jiri Belka
URL:
Whiteboard: infra
: 1140636 (view as bug list)
Depends On:
Blocks: 1073943 1122419
TreeView+ depends on / blocked
 
Reported: 2014-09-09 07:17 UTC by Ondra Machacek
Modified: 2016-02-10 19:30 UTC (History)
10 users (show)

Fixed In Version: ovirt-3.5.0_rc2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-17 12:34:36 UTC
oVirt Team: Infra

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 32723 master MERGED core : Invalid action group identifiers in the roles_groups table Never
oVirt gerrit 32730 ovirt-engine-3.5 MERGED core : Invalid action group identifiers in the roles_groups table Never

Description Ondra Machacek 2014-09-09 07:17:09 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
rhevm-restapi-3.5.0-0.10.master.el6ev.noarch

How reproducible:
always

Steps to Reproduce:curl -v -k -X GET -H "Accept: application/xml" -H "Content-Type: application/xml" -H "Filter: false" -u "admin@internal:123456" https://localhost:443/api/roles/00000000-0000-0000-0000-000000000001/permits
* About to connect() to localhost port 443 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* 	subject: CN=om-rh35.rhev.lab.eng.brq.redhat.com,O=rhev.lab.eng.brq.redhat.com,C=US
* 	start date: Sep 08 07:07:56 2014 GMT
* 	expire date: Aug 14 07:07:56 2019 GMT
* 	common name: om-rh35.rhev.lab.eng.brq.redhat.com
* 	issuer: CN=om-rh35.rhev.lab.eng.brq.redhat.com.82550,O=rhev.lab.eng.brq.redhat.com,C=US
* Server auth using Basic with user 'admin@internal'
> GET /api/roles/00000000-0000-0000-0000-000000000001/permits HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.3.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost
> Accept: application/xml
> Content-Type: application/xml
> Filter: false
> 
< HTTP/1.1 500 Internal Server Error
< Date: Tue, 09 Sep 2014 07:15:13 GMT
< Content-Type: application/xml
< Content-Length: 103
< Vary: Accept-Encoding
< Connection: close
< 
* Closing connection #0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><fault><reason>Operation Failed</reason></fault>

Expected results:
list of superuser permits


2014-09-09 09:16:47,463 INFO  [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp-/127.0.0.1:8702-6) Running command: LoginUserCommand internal: false.
2014-09-09 09:16:47,472 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-6) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin logged in.
2014-09-09 09:16:47,510 ERROR [org.ovirt.engine.api.restapi.resource.validation.MappingExceptionMapper] (ajp-/127.0.0.1:8702-6) org.ovirt.engine.api.restapi.utils.MappingException: java.lang.reflect.InvocationTargetException
2014-09-09 09:16:47,517 INFO  [org.ovirt.engine.core.bll.aaa.LogoutBySessionCommand] (ajp-/127.0.0.1:8702-6) [3ae2e2b4] Running command: LogoutBySessionCommand internal: false.
2014-09-09 09:16:47,520 INFO  [org.ovirt.engine.core.bll.aaa.LogoutUserCommand] (ajp-/127.0.0.1:8702-6) [31785114] Running command: LogoutUserCommand internal: false.
2014-09-09 09:16:47,528 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-6) [31785114] Correlation ID: 31785114, Call Stack: null, Custom Event ID: -1, Message: User admin logged out.
Comment 1 Ondra Machacek 2014-09-09 07:20:25 UTC 
Same for 'ClusterAdmin' and 'DataCenterAdmin.
Comment 2 Juan Hernández 2014-09-09 09:01:22 UTC 
This happens because the database table "roles_groups" contains two rows with values for the "action_group_id" column that don't exist in the backend "ActionGroup" enum. As a result when these rows are loaded the action group is null, and accessing it triggers a NPE.

The wrong values are 130 and 131. These have been introduced in the following patch in order to fix bug 989546:

  http://gerrit.ovirt.org/25685
Comment 3 Oved Ourfali 2014-09-14 08:06:21 UTC 
*** Bug 1140636 has been marked as a duplicate of this bug. ***
Comment 4 Jiri Belka 2014-09-17 08:52:14 UTC 
ok, ovirt-engine-backend-3.5.0-0.0.master.20140911085455.gite1c5ffd.el6.noarch

# curl -s -k -X GET -H "Accept: application/xml" -H "Content-Type: application/xml" -H "Filter: false" -u "admin@internal:123456" https://localhost:443/api/roles/00000000-0000-0000-0000-000000000001/permits | grep '<name>' | nl | tail
    68          <name>access_image_storage</name>
    69          <name>tag_management</name>
    70          <name>bookmark_management</name>
    71          <name>event_notification_management</name>
    72          <name>manipulate_affinity_groups</name>
    73          <name>add_users_and_groups_from_directory</name>
    74          <name>audit_log_management</name>
    75          <name>configure_storage_disk_profile</name>
    76          <name>create_storage_disk_profile</name>
    77          <name>delete_storage_disk_profile</name>l
Comment 5 Sandro Bonazzola 2014-10-17 12:34:36 UTC 
oVirt 3.5 has been released and should include the fix for this issue.
Note You need to log in before you can comment on or make changes to this bug.