1348594 – [Release Candidate] validation skipped on azure when subscription id is populated

Bug 1348594 - [Release Candidate] validation skipped on azure when subscription id is populated

Summary: [Release Candidate] validation skipped on azure when subscription id is popul...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Providers
Sub Component:
Version:	5.6.0
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	GA
Target Release:	5.7.0
Assignee:	Daniel Berger
QA Contact:	Jeff Teehan
Docs Contact:
URL:
Whiteboard:	provider:azure:ui
Depends On:
Blocks:	1351678
TreeView+	depends on / blocked

Reported:	2016-06-21 14:20 UTC by Colin Arnott
Modified:	2017-01-12 04:58 UTC (History)
CC List:	11 users (show)
Fixed In Version:	5.7.0.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1351678 (view as bug list)
Environment:
Last Closed:	2017-01-11 19:57:31 UTC
Category:	---
Cloudforms Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Colin Arnott 2016-06-21 14:20:56 UTC

Description of problem:
on the azure provider: if any text is in the subscription field, all validation is skipped

Version-Release number of selected component (if applicable):
cfme-5.6.0.{8,11}

How reproducible:
trivial

Steps to Reproduce:
0. add an azure provider
1. enter any text the following fields:
 a. Tenant ID
 b. Subscription ID
 c. Client ID
 d. Client Key

Actual results:
The form returns: "Credential validation was successful"
On EMS refresh:
~~~
Error - 7 Minutes Ago
[] {"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Invalid cli... 
~~~

Expected results:
The form returns: "Credential validation was not successful: Incorrect credentials - check your Azure Client ID and Client Key"

You enter valid credentials,
The form returns: "Credential validation was successful"
On EMS refresh:
~~~
Success - 7 Minutes Ago
~~~

Additional info:
~~~
[----] E, [2016-06-21T09:34:07.032642 #14207:7881420] ERROR -- : MIQ(ManageIQ::Providers::Azure::CloudManager::EventCatcher::Runner#start_event_monitor) EMS [] as [affcbef5-422f-4157-a631-975eeda3d08c] Event Monitor Thread aborted because [{"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: c7feeb07-fff5-4f82-984a-fb5abd38926b\r\nCorrelation ID: c457f4ed-f791-431b-ae21-64bdc56ae6d7\r\nTimestamp: 2016-06-21 13:34:06Z","error_codes":[70002,50012],"timestamp":"2016-06-21 13:34:06Z","trace_id":"c7feeb07-fff5-4f82-984a-fb5abd38926b","correlation_id":"c457f4ed-f791-431b-ae21-64bdc56ae6d7"}]
[----] E, [2016-06-21T09:34:07.032788 #14207:7881420] ERROR -- : [Azure::Armrest::UnauthorizedException]: {"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: c7feeb07-fff5-4f82-984a-fb5abd38926b\r\nCorrelation ID: c457f4ed-f791-431b-ae21-64bdc56ae6d7\r\nTimestamp: 2016-06-21 13:34:06Z","error_codes":[70002,50012],"timestamp":"2016-06-21 13:34:06Z","trace_id":"c7feeb07-fff5-4f82-984a-fb5abd38926b","correlation_id":"c457f4ed-f791-431b-ae21-64bdc56ae6d7"}  Method:[rescue in block in start_event_monitor]
[----] E, [2016-06-21T09:34:07.032879 #14207:7881420] ERROR -- : /opt/rh/cfme-gemset/gems/azure-armrest-0.2.6/lib/azure/armrest/armrest_service.rb:437:in `raise_api_exception'
/opt/rh/cfme-gemset/gems/azure-armrest-0.2.6/lib/azure/armrest/armrest_service.rb:385:in `rescue in rest_execute'
/opt/rh/cfme-gemset/gems/azure-armrest-0.2.6/lib/azure/armrest/armrest_service.rb:383:in `rest_execute'
/opt/rh/cfme-gemset/gems/azure-armrest-0.2.6/lib/azure/armrest/armrest_service.rb:393:in `rest_post'
/opt/rh/cfme-gemset/gems/azure-armrest-0.2.6/lib/azure/armrest/armrest_service.rb:43:in `fetch_token'
/opt/rh/cfme-gemset/gems/azure-armrest-0.2.6/lib/azure/armrest/armrest_service.rb:34:in `token'
/opt/rh/cfme-gemset/gems/azure-armrest-0.2.6/lib/azure/armrest/armrest_service.rb:181:in `fetch_subscription_id'
/opt/rh/cfme-gemset/gems/azure-armrest-0.2.6/lib/azure/armrest/armrest_service.rb:162:in `configure'
/var/www/miq/vmdb/app/models/manageiq/providers/azure/cloud_manager/event_catcher/stream.rb:65:in `create_event_service'
/var/www/miq/vmdb/app/models/manageiq/providers/azure/cloud_manager/event_catcher/stream.rb:61:in `connection'
/var/www/miq/vmdb/app/models/manageiq/providers/azure/cloud_manager/event_catcher/stream.rb:34:in `get_events'
/var/www/miq/vmdb/app/models/manageiq/providers/azure/cloud_manager/event_catcher/stream.rb:25:in `each_batch'
/var/www/miq/vmdb/app/models/manageiq/providers/azure/cloud_manager/event_catcher/runner.rb:13:in `monitor_events'
/var/www/miq/vmdb/app/models/manageiq/providers/base_manager/event_catcher/runner.rb:112:in `block in start_event_monitor'
/opt/rh/cfme-gemset/gems/logging-1.8.2/lib/logging/diagnostic_context.rb:323:in `call'
/opt/rh/cfme-gemset/gems/logging-1.8.2/lib/logging/diagnostic_context.rb:323:in `block in create_with_logging_context'
~~~

Comment 2 Daniel Berger 2016-06-21 15:24:59 UTC

This appears to be a UI issue where the credentials are not actually getting validated at all if any text is put into the subscription ID field.

I did a few UI tests.

First, I left the subscription ID field blank, and put valid credentials in for the client ID, client key, and tenant ID. I pressed the validate button and it validated successfully as expected.

Second, with the same credentials as above, I also put "asdf" (invalid credentials) in the subscription ID field and hit "validate". The validation was successful, but should not have been.

Third, I put "asdf" in the subscription ID field, and deliberately mangled the client ID credentials, then pressed the validate button. It still validated successfully, but should not have.

Lastly, I removed all text from the subscription ID field, and deliberately mangled the client ID credentials, then pressed the validate button. It did not validate successfully, as expected.

This combination of tests, in my opinion, confirms that validation is not happening if any data is placed in the subscription ID field. The code within the verify_credentials method in the manager_mixin.rb file looks alright to me, so I believe this is strictly a UI issue.

Comment 4 Daniel Berger 2016-06-21 17:04:51 UTC

Upon further review, this is an issue with the way we handle validation on the backend.  Internally we were relying on the fetch_subscription_id method within the azure-armrest gem to raise an error, but it only does that if no subscription_id is provided.

We will need to improve the validation on our end.

Comment 5 Jeff Teehan 2016-06-21 17:35:43 UTC

I'll take the qe job on this one.

Took a look at it.  If you enter an invalid subscription, it doesn't warn you, but on the backend, it does grab the default subscription and continues to work fine, just as if the user left the field blank.  A user would only have a problem if they had two or more subscriptions and entered an incorrect value for the non-default subscription.  This is an odd field as it shouldn't be validated if no value is enter, and should be validated when a value is entered.

Comment 6 Daniel Berger 2016-06-22 17:43:05 UTC

https://github.com/ManageIQ/manageiq/pull/9365

Comment 7 Jeff Teehan 2016-09-22 17:16:26 UTC

This is all fixed up in 5.7.0.2  Moving to verified.

Added Polarion test case id

Note You need to log in before you can comment on or make changes to this bug.