Bug 1476744 - No validation on the storage_domain parameter when creating VM disks attachments
No validation on the storage_domain parameter when creating VM disks attachments
Status: CLOSED CURRENTRELEASE
Product: ovirt-engine
Classification: oVirt
Component: BLL.Storage (Show other bugs)
4.2.0
Unspecified Unspecified
unspecified Severity unspecified (vote)
: ovirt-4.1.5
: 4.1.5.2
Assigned To: shani
Kevin Alon Goldblatt
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-31 06:31 EDT by shani
Modified: 2017-08-23 04:06 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Cause: There was no validation on the storage_domain parameter on SDK / REST API. Therefore, it was "possible" to create a vm's disk_attachment without a storage_domain. Consequence: Disk attachment has been created, and the storage_domain's parameter was set as the other VM's disk storage domain. Fix: Add validation for the storage_domain parameter which supplied by the user (as a part of SDK / REST API command parameters). Result: Error message which indicates that storage_domain wasn't supplied + operation stops.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-23 04:06:54 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Storage
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑4.1+


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 80057 master MERGED core: Block adding disks without storage_domain 2017-08-02 10:10 EDT
oVirt gerrit 80139 ovirt-engine-4.1 MERGED core: Block adding disks without storage_domain 2017-08-06 02:07 EDT

  None (edit)
Description shani 2017-07-31 06:31:27 EDT
Description of problem:
When creating a new VM disk_attachment using the REST API, there's no validation on the storage_domain parameter, so it's "possible" to create a vm's disk_attachment without a storage_domain.
In this case, the storage domain would be determined by the first vm disk (returned by vm_disks[0]) storage domain. 

Version-Release number of selected component (if applicable):
Reproduced for 4.2 version, although according to the code, was probably present before that.

How reproducible:
100%

Steps to Reproduce:
1. Create a VM.
2. Create a disk and attach it to the VM. 
3. Using the REST API, run the following:

Method:
-------
POST

URL:
----
https://xxxx.xxxx.xxxx.xxxx.com/ovirt-engine/api/vms/<VM_ID>/diskattachments

Body:
-----
<disk_attachment>
<interface>ide</interface>
<active>true</active>
<disk>
<name>mydisk</name>
<provisioned_size>1024</provisioned_size>
<format>COW</format>
</disk>
</disk_attachment>


Actual results:
Disk attachment has been created, and the storage_domain's parameter was set as the other disk's storage domain. 

Expected results:
Error (Storage Domain hasn't been specified).

Additional info:
-
Comment 1 Allon Mureinik 2017-07-31 06:41:30 EDT
This behavior makes no sense (as the report suggests). I'd like to get this fixed sooner rather than later so we don't hit users relying on this broken behavior.
Comment 2 Allon Mureinik 2017-08-10 12:04:26 EDT
Shani, this is a user-visible behavior change. Can you please add some doctext explaining it?
Comment 3 Kevin Alon Goldblatt 2017-08-15 11:27:04 EDT
Verified with the following code:
------------------------------------------
ovirt-engine-4.1.5.2-0.1.el7.noarch
vdsm-4.19.27-1.el7ev

Verified with the following scenario:
------------------------------------------
Steps to Reproduce:
1. Create a VM.
2. Create a disk and attach it to the VM. 
3. Using the REST API, run the following:
>>>>> Correct error message displayed 

Method:
-------
POST

URL:
----
https://xxxx.xxxx.xxxx.xxxx.com/ovirt-engine/api/vms/<VM_ID>/diskattachments

Body:
-----
<disk_attachment>
<interface>ide</interface>
<active>true</active>
<disk>
<name>mydisk</name>
<provisioned_size>1024</provisioned_size>
<format>COW</format>
</disk>
</disk_attachment>


Message output from REST API

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<fault>
    <detail>[Cannot add Virtual Disk. Storage Domain hasn't been specified.]</detail>
    <reason>Operation Failed</reason>
</fault>



Moving to VERIFIED

Note You need to log in before you can comment on or make changes to this bug.