2122990 – VMExport should check APIGroup

Bug 2122990 - VMExport should check APIGroup

Summary: VMExport should check APIGroup

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	4.12.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.12.0
Assignee:	Alexander Wels
QA Contact:	Jenia Peimer
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-08-31 13:42 UTC by Jenia Peimer
Modified:	2023-01-24 13:40 UTC (History)
CC List:	3 users (show)
Fixed In Version:	CNV v4.12.0-548
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-01-24 13:40:29 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	kubevirt kubevirt pull 8386	None	Merged	Update VM export validator to take APIGroup into account	2022-10-18 12:22:30 UTC
Red Hat Issue Tracker	CNV-20969	None	None	None	2022-11-03 12:31:08 UTC
Red Hat Product Errata	RHSA-2023:0408	None	None	None	2023-01-24 13:40:41 UTC

Description Jenia Peimer 2022-08-31 13:42:56 UTC

Description of problem:
To create VMExport object we need to specify the APIGroup of exported object

Version-Release number of selected component (if applicable):
4.12

How reproducible:
Always

Steps to Reproduce:
1. Create a VM
2. Create a VMSnapshot
3. Create a VMExport for VMSnapshot without specifying the APIGroup

$ cat vmexport-snapshot.yaml 
apiVersion: export.kubevirt.io/v1alpha1
kind: VirtualMachineExport
metadata:
    name: export-vmsnapshot
spec:
    source:
        kind: VirtualMachineSnapshot
        name: my-vmsnapshot
    tokenSecretRef: virt-export-token

Actual results:
The VMExport was created, but it is not Ready and doesn't show any error

$ oc get virtualmachineexport
NAME                SOURCEKIND               SOURCENAME      PHASE
export-vmsnapshot   VirtualMachineSnapshot   my-vmsnapshot 

Expected results:
VMExport will fail to create saying APIGroup needs to be specified

Comment 1 Jenia Peimer 2022-11-03 12:26:47 UTC

Verified on CNV-v4.12.0-665

Create a VM and VMSnapshot,

Create a token:

$ cat token.yaml 
apiVersion: v1
kind: Secret
metadata:
    name: virt-export-token
data:
    token: bXl0b2tlbg==

$ oc create -f token.yaml 
secret/virt-export-token created


Create VMExport with no API Group:

$ cat export-wrong-api-group.yaml 
apiVersion: export.kubevirt.io/v1alpha1
kind: VirtualMachineExport
metadata:
    name: export-vmsnapshot
spec:
    source:
        kind: VirtualMachineSnapshot
        name: my-vmsnapshot
    tokenSecretRef: virt-export-token

$ oc create -f export-wrong-api-group.yaml 
The request is invalid: spec.source.APIGroup: VMSnapshot API group must be snapshot.kubevirt.io


Create VMExport with the wrong API Group:

$ cat export-wrong-api-group.yaml
apiVersion: export.kubevirt.io/v1alpha1
kind: VirtualMachineExport
metadata:
    name: export-vmsnapshot
spec:
    source:
        apiGroup: "snapshot.kubevirt.io-hohoho"
        kind: VirtualMachineSnapshot
        name: my-vmsnapshot
    tokenSecretRef: virt-export-token

$ oc create -f export-wrong-api-group.yaml 
The request is invalid: spec.source.APIGroup: VMSnapshot API group must be snapshot.kubevirt.io

Comment 5 errata-xmlrpc 2023-01-24 13:40:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Virtualization 4.12.0 Images security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:0408

Note You need to log in before you can comment on or make changes to this bug.