1494359 – [UPSTREAM] Unexpected error while deleting network router of cloud tenant

Bug 1494359 - [UPSTREAM] Unexpected error while deleting network router of cloud tenant

Summary: [UPSTREAM] Unexpected error while deleting network router of cloud tenant

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	UI - OPS
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	GA
Target Release:	5.10.0
Assignee:	Karel Hala
QA Contact:	Ganesh Hubale
Docs Contact:
URL:
Whiteboard:	ui:tenant
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-09-22 06:32 UTC by Yadnyawalk Tale
Modified:	2019-02-07 23:02 UTC (History)
CC List:	9 users (show)
Fixed In Version:	5.10.0.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-02-07 23:02:46 UTC
Category:	Bug
Cloudforms Team:	Openstack
Target Upstream Version:
Embargoed:
Flags:	ytale: automate_bug-

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:0212	0	None	None	None	2019-02-07 23:02:54 UTC

Comment 3 Martin Povolny 2017-09-26 12:08:07 UTC

So the problem here is not a simple one to fix.

You cannot delete a network router from a nested list of routers displayed on a cloud tennant. URL like this:

http://localhost:3000/cloud_tenant/show/10000000000004?display=network_routers

In the cloud_tenant controller there's code that tries to redirect to GET request to network_routers controller action delete_network_routers. There is such action it the code but there's no route in routes.rb for that.

Adding the route there would seemingly fix the issue. BUT it would actually create a XSRF vulnerability. GET request must NOT do destructive stuff. GET should not change things. And this would be the result if we "fixed" this by adding the route.

The proper fix here is to reimplement the 'delete' function on network routers via the API.

An ugly fix is to add call to the delete_network_routers function to the CloudTenantController.rb. That would be a mess.

Way to get around the bug is to not show the delete button on the nested list page. Have it only be displayed if on a details page for a network router or when displaying the list of network routers under the network_router controller.

My bet is this never worked.

Handing this over to the OpenStack team for decision and planning.

Comment 4 Andrey 2017-11-09 10:14:07 UTC

Added API delete action for Network Router https://github.com/ManageIQ/manageiq-api/pull/193

Comment 5 Martin Povolny 2018-01-16 07:53:14 UTC

I see no question here so resetting the needinfo flag.

Comment 6 Andrey 2018-02-05 13:00:53 UTC

Hello. After the API for 'delete' was implemented, could you take care of the rest of this BZ, adding a UI fix? Also, I can do it by myself, if it's necessary.

Comment 8 Karel Hala 2018-02-27 08:22:07 UTC

PR is out - https://github.com/ManageIQ/manageiq-ui-classic/pull/3436, however it's blocked by another PR. I will keep this issue updated.

Comment 9 Karel Hala 2018-05-07 08:34:44 UTC

PR was merged, sadly CFME bot did not recognized it.

Comment 11 errata-xmlrpc 2019-02-07 23:02:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:0212

Note You need to log in before you can comment on or make changes to this bug.