1707298 – Insufficient input validation for compute_attributes

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1707298 - Insufficient input validation for compute_attributes

Summary: Insufficient input validation for compute_attributes

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Compute Resources - VMWare
Sub Component:
Version:	6.5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	6.6.0
Assignee:	Ondřej Ezr
QA Contact:	Jitendra Yejare
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-05-07 08:45 UTC by Roman Plevka
Modified:	2019-10-22 19:52 UTC (History)
CC List:	10 users (show)
Fixed In Version:	foreman-1.22.0.1-1
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-10-22 19:52:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	26756	Normal	Closed	Drop invalid scsi_controller_type attribute	2020-05-07 04:33:02 UTC
Red Hat Bugzilla	1721334	unspecified	CLOSED	API host creation fails if scsi_controllers are empty on compute profile	2021-02-22 00:41:40 UTC
Red Hat Knowledge Base (Solution)	4123591	None	None	None	2019-05-09 08:34:26 UTC

Description Roman Plevka 2019-05-07 08:45:38 UTC

Description of problem:
passing invalid parameter value for compute_attribute parameter is not always handled correctly.
e.g. on creating VMWARE host using api, we're passing:

"scsi_controller_type=VirtualLsiLogic"
instead of (correct):
"scsi_controller_type=VirtualLsiLogicController"

- the attr. value is accepted just fine, but it results in the orchestration failure later in the flow:

"2019-04-28T04:11:04 [E|app|c38a5507] Unprocessable entity Host::Managed (id: new):
  Failed to create a compute MWAVldqBnE (VMware) instance vyfaufcjln.foo.bar.com: undefined method `new' for nil:NilClass"

- it would be fine to implement the input validation with some upstream tests.

Version-Release number of selected component (if applicable):
6.5.0 snap#26


Steps to Reproduce:
1. just POST to /hosts (in my example we used VMWARE compute resource) with some invalid compute_attribute (in our cae it was "scsi_controller_type"
2. observe the production.log


Actual results:
"  Failed to create a compute MWAVldqBnE (VMware) instance vyfaufcjln.foo.bar.com: undefined method `new' for nil:NilClass"

Expected results:
A proper error message is thrown early in the process.

Additional info:

Please, implement a set of tests upstream to test input validation

Comment 5 Bryan Kearney 2019-05-09 00:01:33 UTC

Upstream bug assigned to oezr

Comment 6 Bryan Kearney 2019-05-09 00:01:34 UTC

Upstream bug assigned to oezr

Comment 12 Jitendra Yejare 2019-06-11 13:49:02 UTC

The issue is reproduced on:

Satellite 6.6.0 snap 6

RPMs:
--------
foreman-1.22.0.1-1.el7sat.noarch
foreman-vmware-1.22.0.1-1.el7sat.noarch
tfm-rubygem-fog-vsphere-3.0.0-2.el7sat.noarch

Comment 13 Marek Hulan 2019-06-11 13:50:09 UTC

Ondrej, could you please take a look?

Comment 15 Jitendra Yejare 2019-06-12 09:39:04 UTC

Hey Ondrej,

Basically, I tested this bugzilla using Nailgun and hence in my comment 11 you can see this :

```
In [38]: vcp.compute_attribute[0].read().vm_attrs['scsi_controllers']
Out[38]: [{'type': 'abcd', 'key': 1000}]
```

where vcp is Compute Profile nailgun object. So above it shows that I set the 'scsi_controllers' type to 'abcd' which.

And then with that type I attempted to provision and it just failed with same error.


So If I test with correct 'scsi_controllers' type as 'VirtualLsiLogicController' the provisioning works.

Comment 16 Ondřej Ezr 2019-06-12 11:36:22 UTC

Ok, so you have the scsi_controller defined on the Compute Profile.
This BZ were not addressing such case as that have never worked.
This only addresses the 'scsi_controller_type' API attribute - mainly passed from hammer (directly to `host create` command).
It should be part of RFE for validation of Compute Attributes.

Sorry for bit misleading Title and description.

Comment 18 Jitendra Yejare 2019-06-13 08:16:32 UTC

Hello Ondrej,

This time I am getting some weird error:

```
# hammer host create --name vmhammer --compute-resource-id 1 --hostgroup-id 1 --location-id 2 --organization-id 1  --root-password passwd --compute-attributes "scsi_controller_type=VirtualLsiLogicController" --volume "datastore=Local-Ironforge,mode=Persistent,size_gb=10,thin=true" --compute-profile-id 4
Could not create the host:
  Failed to create a compute vmware_cr (VMware) instance vmhammer.satqe.lab.eng.rdu2.redhat.com: InvalidController: The device '1' is referring to a nonexisting controller '1,000'.
```

I can share setup with you if you want to debug.

Comment 19 Ondřej Ezr 2019-06-18 00:51:15 UTC

Hi Jitendra,

this error is due to a controllers are explicitly empty in compute profile.
This has never worked and doesn't work without the attribute eighter and thus cannot be considered a regression.

Would be lovely to work though and I have filed a separate BZ for that - see BZ 1721334, but I do not consider it as part of this BZ.
This is only about badly spelled controller type made the command to fail, but the correct value have not.

Comment 20 Jitendra Yejare 2019-06-19 06:56:14 UTC

Verified!

@Satellite 6.6 snap 7


Steps:
----------
1. Post hammer request to create a host with custom SCSI controller Type:
# hammer -d host create --compute-attributes "cpus=1,corespersocket=1,memory_mb=1024,cluster=Satellite_Engineering,path=/Datacenters/RH_Engineering/vm/QE,guest_id=rhel7_64Guest,scsi_controller_type=VirtualLsiLogicController,hardware_version=Default,start=1" --compute-resource-id 1 --hostgroup-id 1 --interface "compute_network=qe-sat6-feature-rhel7,compute_type=VirtualVmxnet3" --location-id 2 --name="bugverify" --organization-id 1 --provision-method="build" --pxe-loader="PXELinux BIOS" --root-password="dog8code" --volume="name=Hard disk,size_gb=10,thin=true,eager_zero=false,datastore=Local-Ironforge" 


Observation:
-------------
1. The host request is submitted with "scsi_controller_type"=>"VirtualLsiLogicController" successfully.

INFO 2019-06-19T02:47:39 HammerCLIForeman::Host::CreateCommand] Called with options: {"option_root_password"=>"***", "option_puppetclass_ids"=>[], "option_overwrite"=>true, "option_compute_attributes"=>{"cpus"=>"1", "corespersocket"=>"1", "memory_mb"=>"1024", "cluster"=>"Satellite_Engineering", "path"=>"/Datacenters/RH_Engineering/vm/QE", "guest_id"=>"rhel7_64Guest", "scsi_controller_type"=>"VirtualLsiLogicController", "hardware_version"=>"Default", "start"=>"1"}, "option_volume_list"=>[{"name"=>"Hard disk", "size_gb"=>"10", "thin"=>"true", "eager_zero"=>"false", "datastore"=>"Local-Ironforge"}], "option_interface_list"=>[{"compute_network"=>"qe-sat6-feature-rhel7", "compute_type"=>"VirtualVmxnet3"}], "option_location_id"=>2, "option_organization_id"=>1, "option_compute_resource_id"=>1, "option_hostgroup_id"=>1, "option_name"=>"bugverify", "option_pxe_loader"=>"PXELinux BIOS", "option_provision_method"=>"build"}

2. The host is created
# hammer -u admin -p changeme host list | grep bugverify
14 | bugverify.satqe.lab.eng.rdu2.redhat.com      | RedHat 7.6       | vmware_hg  | 10.8.<ip.hidden> | 00:50:56:be:<mac:hidden> | Warning       | rhel7_cv     | DEV

Comment 23 Bryan Kearney 2019-10-22 19:52:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3172

Note You need to log in before you can comment on or make changes to this bug.