1139533 – Invalid action group identifiers in the roles_groups table trigger NPE

Bug 1139533 - Invalid action group identifiers in the roles_groups table trigger NPE

Summary: Invalid action group identifiers in the roles_groups table trigger NPE

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	oVirt
Classification:	Retired
Component:	ovirt-engine-core
Sub Component:
Version:	3.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	high
Target Milestone:	---
Target Release:	3.5.0
Assignee:	Ravi Nori
QA Contact:	Jiri Belka
Docs Contact:
URL:
Whiteboard:	infra
Duplicates (1):	1140636 (view as bug list)
Depends On:
Blocks:	1073943 1122419
TreeView+	depends on / blocked

Reported:	2014-09-09 07:17 UTC by Ondra Machacek
Modified:	2016-02-10 19:30 UTC (History)
CC List:	10 users (show)
Fixed In Version:	ovirt-3.5.0_rc2
Clone Of:
Environment:
Last Closed:	2014-10-17 12:34:36 UTC
oVirt Team:	Infra
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	32723	0	master	MERGED	core : Invalid action group identifiers in the roles_groups table	Never
oVirt gerrit	32730	0	ovirt-engine-3.5	MERGED	core : Invalid action group identifiers in the roles_groups table	Never

Description Ondra Machacek 2014-09-09 07:17:09 UTC

Description of problem:


Version-Release number of selected component (if applicable):
rhevm-restapi-3.5.0-0.10.master.el6ev.noarch

How reproducible:
always

Steps to Reproduce:curl -v -k -X GET -H "Accept: application/xml" -H "Content-Type: application/xml" -H "Filter: false" -u "admin@internal:123456" https://localhost:443/api/roles/00000000-0000-0000-0000-000000000001/permits
* About to connect() to localhost port 443 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* 	subject: CN=om-rh35.rhev.lab.eng.brq.redhat.com,O=rhev.lab.eng.brq.redhat.com,C=US
* 	start date: Sep 08 07:07:56 2014 GMT
* 	expire date: Aug 14 07:07:56 2019 GMT
* 	common name: om-rh35.rhev.lab.eng.brq.redhat.com
* 	issuer: CN=om-rh35.rhev.lab.eng.brq.redhat.com.82550,O=rhev.lab.eng.brq.redhat.com,C=US
* Server auth using Basic with user 'admin@internal'
> GET /api/roles/00000000-0000-0000-0000-000000000001/permits HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.3.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost
> Accept: application/xml
> Content-Type: application/xml
> Filter: false
> 
< HTTP/1.1 500 Internal Server Error
< Date: Tue, 09 Sep 2014 07:15:13 GMT
< Content-Type: application/xml
< Content-Length: 103
< Vary: Accept-Encoding
< Connection: close
< 
* Closing connection #0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><fault><reason>Operation Failed</reason></fault>

Expected results:
list of superuser permits


2014-09-09 09:16:47,463 INFO  [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp-/127.0.0.1:8702-6) Running command: LoginUserCommand internal: false.
2014-09-09 09:16:47,472 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-6) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin logged in.
2014-09-09 09:16:47,510 ERROR [org.ovirt.engine.api.restapi.resource.validation.MappingExceptionMapper] (ajp-/127.0.0.1:8702-6) org.ovirt.engine.api.restapi.utils.MappingException: java.lang.reflect.InvocationTargetException
2014-09-09 09:16:47,517 INFO  [org.ovirt.engine.core.bll.aaa.LogoutBySessionCommand] (ajp-/127.0.0.1:8702-6) [3ae2e2b4] Running command: LogoutBySessionCommand internal: false.
2014-09-09 09:16:47,520 INFO  [org.ovirt.engine.core.bll.aaa.LogoutUserCommand] (ajp-/127.0.0.1:8702-6) [31785114] Running command: LogoutUserCommand internal: false.
2014-09-09 09:16:47,528 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-6) [31785114] Correlation ID: 31785114, Call Stack: null, Custom Event ID: -1, Message: User admin logged out.

Comment 1 Ondra Machacek 2014-09-09 07:20:25 UTC

Same for 'ClusterAdmin' and 'DataCenterAdmin.

Comment 2 Juan Hernández 2014-09-09 09:01:22 UTC

This happens because the database table "roles_groups" contains two rows with values for the "action_group_id" column that don't exist in the backend "ActionGroup" enum. As a result when these rows are loaded the action group is null, and accessing it triggers a NPE.

The wrong values are 130 and 131. These have been introduced in the following patch in order to fix bug 989546:

  http://gerrit.ovirt.org/25685

Comment 3 Oved Ourfali 2014-09-14 08:06:21 UTC

*** Bug 1140636 has been marked as a duplicate of this bug. ***

Comment 4 Jiri Belka 2014-09-17 08:52:14 UTC

ok, ovirt-engine-backend-3.5.0-0.0.master.20140911085455.gite1c5ffd.el6.noarch

# curl -s -k -X GET -H "Accept: application/xml" -H "Content-Type: application/xml" -H "Filter: false" -u "admin@internal:123456" https://localhost:443/api/roles/00000000-0000-0000-0000-000000000001/permits | grep '<name>' | nl | tail
    68          <name>access_image_storage</name>
    69          <name>tag_management</name>
    70          <name>bookmark_management</name>
    71          <name>event_notification_management</name>
    72          <name>manipulate_affinity_groups</name>
    73          <name>add_users_and_groups_from_directory</name>
    74          <name>audit_log_management</name>
    75          <name>configure_storage_disk_profile</name>
    76          <name>create_storage_disk_profile</name>
    77          <name>delete_storage_disk_profile</name>l

Comment 5 Sandro Bonazzola 2014-10-17 12:34:36 UTC

oVirt 3.5 has been released and should include the fix for this issue.

Note You need to log in before you can comment on or make changes to this bug.