Bug 1494359 - [UPSTREAM] Unexpected error while deleting network router of cloud tenant
Summary: [UPSTREAM] Unexpected error while deleting network router of cloud tenant
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: unspecified
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: GA
: 5.10.0
Assignee: Karel Hala
QA Contact: Ganesh Hubale
URL:
Whiteboard: ui:tenant
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-22 06:32 UTC by Yadnyawalk Tale
Modified: 2019-02-07 23:02 UTC (History)
9 users (show)

Fixed In Version: 5.10.0.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-07 23:02:46 UTC
Category: Bug
Cloudforms Team: Openstack
Target Upstream Version:
ytale: automate_bug-


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0212 None None None 2019-02-07 23:02:54 UTC

Comment 3 Martin Povolny 2017-09-26 12:08:07 UTC
So the problem here is not a simple one to fix.

You cannot delete a network router from a nested list of routers displayed on a cloud tennant. URL like this:

http://localhost:3000/cloud_tenant/show/10000000000004?display=network_routers

In the cloud_tenant controller there's code that tries to redirect to GET request to network_routers controller action delete_network_routers. There is such action it the code but there's no route in routes.rb for that.

Adding the route there would seemingly fix the issue. BUT it would actually create a XSRF vulnerability. GET request must NOT do destructive stuff. GET should not change things. And this would be the result if we "fixed" this by adding the route.

The proper fix here is to reimplement the 'delete' function on network routers via the API.

An ugly fix is to add call to the delete_network_routers function to the CloudTenantController.rb. That would be a mess.

Way to get around the bug is to not show the delete button on the nested list page. Have it only be displayed if on a details page for a network router or when displaying the list of network routers under the network_router controller.

My bet is this never worked.

Handing this over to the OpenStack team for decision and planning.

Comment 4 Andrey 2017-11-09 10:14:07 UTC
Added API delete action for Network Router https://github.com/ManageIQ/manageiq-api/pull/193

Comment 5 Martin Povolny 2018-01-16 07:53:14 UTC
I see no question here so resetting the needinfo flag.

Comment 6 Andrey 2018-02-05 13:00:53 UTC
Hello. After the API for 'delete' was implemented, could you take care of the rest of this BZ, adding a UI fix? Also, I can do it by myself, if it's necessary.

Comment 8 Karel Hala 2018-02-27 08:22:07 UTC
PR is out - https://github.com/ManageIQ/manageiq-ui-classic/pull/3436, however it's blocked by another PR. I will keep this issue updated.

Comment 9 Karel Hala 2018-05-07 08:34:44 UTC
PR was merged, sadly CFME bot did not recognized it.

Comment 11 errata-xmlrpc 2019-02-07 23:02:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:0212


Note You need to log in before you can comment on or make changes to this bug.