1321045 – no validation for default_download_policy setting value

Bug 1321045 - no validation for default_download_policy setting value

Summary: no validation for default_download_policy setting value

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Repositories
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high vote
Target Milestone:	Unspecified
Assignee:	David Davis
QA Contact:	Roman Plevka
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-03-24 14:26 UTC by Roman Plevka
Modified:	2019-09-26 16:22 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-27 11:41:12 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	14364	0	None	None	None	2016-04-22 15:13:18 UTC

Description Roman Plevka 2016-03-24 14:26:50 UTC

Description of problem:
No validation at all applies to default_download_policy setting, so user can input whatever value.

```
# hammer -u admin -p changeme settings set --name default_download_policy --value they-told-me-i-could-be-anything-i-wanted-so-i-became-a-download-policy-value
Setting [default_download_policy] updated to [they-told-me-i-could-be-anything-i-wanted-so-i-became-a-download-policy-value]
# hammer -u admin -p changeme settings list | grep policy
default_download_policy                                | they-told-me-i-could-be-anything-i-wanted-so-i-became-a-download-policy-value | Default download policy for repositories (either 'immediate', 'on_demand', or...

```

- applies to UI and API as well.

Version-Release number of selected component (if applicable):
Satellite 6.2.0 Snap 5.1

How reproducible:


Actual results:
any value (including Null) accepted

Expected results:
should accept only: 'immediate', 'on_demand', or 'background'

Additional info:

Comment 2 Partha Aji 2016-03-28 17:16:47 UTC

Created redmine issue http://projects.theforeman.org/issues/14364 from this bug

Comment 3 Bryan Kearney 2016-03-29 14:07:56 UTC

Moving to POST since upstream bug http://projects.theforeman.org/issues/14364 has been closed
-------------
David Davis
Applied in changeset commit:katello|17a42c0e4de23013ccdb4db79a4f5c32938e6239.

Comment 4 Roman Plevka 2016-05-09 09:47:33 UTC

VERIFIED
on sat6.2.0 Beta (GA10.1)

UI provides a dropdown menu now

CLI:
# hammer -u admin -p changeme settings set --name default_download_policy --value foo
Could not update the setting:
  Value is not included in the list
# hammer -u admin -p changeme settings set --name default_download_policy --value ""
Could not update the setting:
  Value is not included in the list
# hammer -u admin -p changeme settings set --name default_download_policy --value "immediate1"
Could not update the setting:
  Value is not included in the list
# hammer -u admin -p changeme settings set --name default_download_policy --value "immediate"
Setting [default_download_policy] updated to [immediate]


API:
[root ~]# curl -k -u admin:changeme  -H 'Content-Type: application/json' -X PUT -d '{"value": "on_demand"}' https://sat6.server.com/api/v2/settings/29
{"value":"on_demand","description":"Default download policy for repositories (either 'immediate', 'on_demand', or 'background')","category":"Setting::Katello","settings_type":"string","default":"immediate","created_at":"2016-05-02 09:20:52 UTC","updated_at":"2016-05-09 09:09:14 UTC","id":29,"name":"default_download_policy"}

# curl -k -u admin:changeme  -H 'Content-Type: application/json' -X PUT -d '{"value": "foo"}' https://sat6.server.com/api/v2/settings/29{
  "error": {"id":29,"errors":{"value":["is not included in the list"]},"full_messages":["Value is not included in the list"]}
}
 
[root ~]# curl -k -u admin:changeme  -H 'Content-Type: application/json' -X PUT -d '{"value": ""}' https://sat6.server.com/api/v2/settings/29
{
  "error": {"id":29,"errors":{"value":["is not included in the list"]},"full_messages":["Value is not included in the list"]}
}

[root ~]# curl -k -u admin:changeme  -H 'Content-Type: application/json' -X PUT -d '{"value": "immediate_lol"}' https://sat6.server.com/api/v2/settings/29
{
  "error": {"id":29,"errors":{"value":["is not included in the list"]},"full_messages":["Value is not included in the list"]}
}

[root ~]# curl -k -u admin:changeme  -H 'Content-Type: application/json' -X PUT -d '{"value": "immediat"}' https://sat6.server.com/api/v2/settings/29{
  "error": {"id":29,"errors":{"value":["is not included in the list"]},"full_messages":["Value is not included in the list"]}
}

[root ~]# curl -k -u admin:changeme  -H 'Content-Type: application/json' -X PUT -d '{"value": "immediate", "foo":"bar"}' https://sat6.server.com/api/v2/settings/29
{"value":"immediate","description":"Default download policy for repositories (either 'immediate', 'on_demand', or 'background')","category":"Setting::Katello","settings_type":"string","default":"immediate","created_at":"2016-05-02 09:20:52 UTC","updated_at":"2016-05-09 09:09:54 UTC","id":29,"name":"default_download_policy"}

Comment 5 Bryan Kearney 2016-07-27 11:41:12 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501

Note You need to log in before you can comment on or make changes to this bug.