Bug 2048537 - “Exposed route host to image registry” connecting successfully to invalid registry “xyz.com”
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Migration Toolkit for Containers
Classification: Red Hat
Component: Controller
Version: 1.7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 1.7.2
Assignee: Pranav Gaikwad
QA Contact: ssingla
Docs Contact: Richard Hoch
URL:
Whiteboard:
Depends On: 2031101
Blocks:
 
Reported: 2022-01-31 13:10 UTC by ssingla
Modified: 2022-07-01 09:53 UTC

Clone Of: 2031101
Environment:
Last Closed: 2022-07-01 09:52:59 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | konveyor mig-controller pull 1297 | 0 | None | open | Bug 2048537: Improve exposed registry connection check | 2022-05-11 17:22:02 UTC
Github | konveyor mig-controller pull 1299 | 0 | None | open | Bug 2048537: improve exposed registry connection check (#1297) | 2022-05-11 18:21:40 UTC
Github | konveyor mig-operator pull 816 | 0 | None | open | Bug 2048537: Add exposed registry validation path | 2022-05-11 17:22:02 UTC
Github | konveyor mig-operator pull 817 | 0 | None | Merged | Bug 2048537: add exposed registry validation path (#816) | 2022-05-25 14:56:44 UTC
Red Hat Product Errata | RHSA-2022:5483 | 0 | None | None | None | 2022-07-01 09:53:10 UTC

Description ssingla 2022-01-31 13:10:46 UTC
+++ This bug was initially created as a clone of Bug #2031101 +++

Severity: Low
Priority: Low

Description of problem: 
When I enter "xyz.com" in "Expose route host to image registry" field, it shows connection successful.

Version-Release number of selected component (if applicable):
MTC 1.7.0
SOURCE CLUSTER: AWS 4.6 
TARGET CLUSTER: AWS 4.9 (CONTROLLER)

How reproducible:
Always

Steps to reproduce:
1. Log in to the MTC console

2. Go to the “Clusters” page and edit the non-host cluster using the kebab menu

3. Enter “xyz.com” in the field “Exposed route host to image registry” and click on “Update Cluster”

Actual result:

The UI shows connection successful

Expected result:

The connection should fail as it is not a valid route.

--- Additional comment from Xin jiang on 2021-12-10 14:33:30 UTC ---

Sachin:

When I enter "xyz.com" in "Expose route host to image registry" field, it shows connection successful.
But this is happening only with this string or sometimes with "xyza.com".
For all other invalid values that I tried, TestConnect is failing as expected.

Comment 1 Pranav Gaikwad 2022-02-28 08:07:48 UTC
OpenShift image registries listen on API path "/v2". The MigCluster controller simply issues a GET request at the API path on the provided Registry URL. If a response is not an error, it validates the Registry URL. If the response results in an error, it fails the validation. Now the fun part, "https://xyz.com/v2" actually is a valid API path and returns a 200 when a GET request is made. Hence this bug. To solve it, we need a more sophisticated health check mechanism to determine whether the provided URL is valid or not.
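
The gap described in Comment 1, as an added example that is not part of the bug report and is not the mig-controller fix: a probe that accepts any completed GET on `/v2/` next to one that also requires evidence of a Registry HTTP API v2 endpoint. The names `probe`, `fakeWebsite` and `fakeRegistry` are hypothetical, both test servers are constructed, and the strict verdict assumes the registry sets the `Docker-Distribution-API-Version: registry/2.0` header, as docker/distribution-based registries do.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const apiHeader = "Docker-Distribution-API-Version"

// probe issues GET <base>/v2/ and returns two verdicts.
// naive: the request completed without error (simplified reading of Comment 1).
// strict: the answer also looks like a Registry HTTP API v2 endpoint.
func probe(c *http.Client, base string) (naive, strict bool) {
	resp, err := c.Get(base + "/v2/")
	if err != nil {
		return false, false
	}
	defer resp.Body.Close()
	// The registry base endpoint answers 200, or 401 plus an auth challenge.
	okStatus := resp.StatusCode == http.StatusOK ||
		(resp.StatusCode == http.StatusUnauthorized && resp.Header.Get("WWW-Authenticate") != "")
	// Assumption: the registry sets this header, as docker/distribution does.
	return true, okStatus && resp.Header.Get(apiHeader) == "registry/2.0"
}

// fakeWebsite: constructed stand-in for an ordinary site that answers 200 on any path.
func fakeWebsite() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "<html>not a registry</html>")
	}))
}

// fakeRegistry: constructed registry that requires authentication.
func fakeRegistry() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set(apiHeader, "registry/2.0")
		w.Header().Set("WWW-Authenticate", `Bearer realm="https://auth.example.test/token"`)
		w.WriteHeader(http.StatusUnauthorized)
	}))
}

func main() {
	for name, srv := range map[string]*httptest.Server{"website": fakeWebsite(), "registry": fakeRegistry()} {
		naive, strict := probe(srv.Client(), srv.URL)
		fmt.Printf("%-8s naive=%v strict=%v\n", name, naive, strict)
		srv.Close()
	}
}
```

A registry that omits the version header would be rejected by the strict verdict, so a production check may need a second signal such as an authenticated call to a registry-only endpoint.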

Comment 3 Erik Nelson 2022-03-01 18:04:01 UTC
Let's evaluate this in the 1.7.1 round and see if it makes sense to backport. It feels bad to be acknowledging that these are healthy when they are, in fact, not. It's a bad health check.

Comment 14 errata-xmlrpc 2022-07-01 09:52:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5483

