Bug 1476744 - No validation on the storage_domain parameter when creating VM disks attachments
Summary: No validation on the storage_domain parameter when creating VM disks attachments
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: BLL.Storage
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ovirt-4.1.5
: 4.1.5.2
Assignee: shani
QA Contact: Kevin Alon Goldblatt
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-31 10:31 UTC by shani
Modified: 2017-08-23 08:06 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Cause: There was no validation on the storage_domain parameter on SDK / REST API. Therefore, it was "possible" to create a vm's disk_attachment without a storage_domain. Consequence: Disk attachment has been created, and the storage_domain's parameter was set as the other VM's disk storage domain. Fix: Add validation for the storage_domain parameter which supplied by the user (as a part of SDK / REST API command parameters). Result: Error message which indicates that storage_domain wasn't supplied + operation stops.
Clone Of:
Environment:
Last Closed: 2017-08-23 08:06:54 UTC
oVirt Team: Storage
Embargoed:
rule-engine: ovirt-4.1+


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 80057 0 master MERGED core: Block adding disks without storage_domain 2017-08-02 14:10:49 UTC
oVirt gerrit 80139 0 ovirt-engine-4.1 MERGED core: Block adding disks without storage_domain 2017-08-06 06:07:37 UTC

Description shani 2017-07-31 10:31:27 UTC
Description of problem:
When creating a new VM disk_attachment using the REST API, there's no validation on the storage_domain parameter, so it's "possible" to create a vm's disk_attachment without a storage_domain.
In this case, the storage domain would be determined by the first vm disk (returned by vm_disks[0]) storage domain. 

Version-Release number of selected component (if applicable):
Reproduced for 4.2 version, although according to the code, was probably present before that.

How reproducible:
100%

Steps to Reproduce:
1. Create a VM.
2. Create a disk and attach it to the VM. 
3. Using the REST API, run the following:

Method:
-------
POST

URL:
----
https://xxxx.xxxx.xxxx.xxxx.com/ovirt-engine/api/vms/<VM_ID>/diskattachments

Body:
-----
<disk_attachment>
<interface>ide</interface>
<active>true</active>
<disk>
<name>mydisk</name>
<provisioned_size>1024</provisioned_size>
<format>COW</format>
</disk>
</disk_attachment>


Actual results:
Disk attachment has been created, and the storage_domain's parameter was set as the other disk's storage domain. 

Expected results:
Error (Storage Domain hasn't been specified).

Additional info:
-

Comment 1 Allon Mureinik 2017-07-31 10:41:30 UTC
This behavior makes no sense (as the report suggests). I'd like to get this fixed sooner rather than later so we don't hit users relying on this broken behavior.

Comment 2 Allon Mureinik 2017-08-10 16:04:26 UTC
Shani, this is a user-visible behavior change. Can you please add some doctext explaining it?

Comment 3 Kevin Alon Goldblatt 2017-08-15 15:27:04 UTC
Verified with the following code:
------------------------------------------
ovirt-engine-4.1.5.2-0.1.el7.noarch
vdsm-4.19.27-1.el7ev

Verified with the following scenario:
------------------------------------------
Steps to Reproduce:
1. Create a VM.
2. Create a disk and attach it to the VM. 
3. Using the REST API, run the following:
>>>>> Correct error message displayed 

Method:
-------
POST

URL:
----
https://xxxx.xxxx.xxxx.xxxx.com/ovirt-engine/api/vms/<VM_ID>/diskattachments

Body:
-----
<disk_attachment>
<interface>ide</interface>
<active>true</active>
<disk>
<name>mydisk</name>
<provisioned_size>1024</provisioned_size>
<format>COW</format>
</disk>
</disk_attachment>


Message output from REST API

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<fault>
    <detail>[Cannot add Virtual Disk. Storage Domain hasn't been specified.]</detail>
    <reason>Operation Failed</reason>
</fault>



Moving to VERIFIED


Note You need to log in before you can comment on or make changes to this bug.