adding to ce-sprint-next

adding to ce-sprint-next

*** Bug 753878 has been marked as a duplicate of this bug. ***

We need support for this in Deltacloud API.  

We should have a something from DC guys by end of today: 12-01-12

adding to ce-sprint

removing ce-sprint-next tracker

We require support for checking valid credentials failures in Deltacloud.

I've filed a JIRA relating to this here: https://issues.apache.org/jira/browse/DTACLOUD-127

Solved DTACLOUD-127 on commit 2fbc147f9e3041b19f2c89e4d222ba2185486405

Ok picking this up now.

I'll add the changes to Conductor

The Deltacloud Commit I've received for the JIRA mention above only addresses the issue in the EC2 Driver.

We really need changes in all drivers in the client.  Ive left comments on the JIRA.

I've sent patch to the list that can be applied straight away and will fix this BZ once the changes are in DC

I have pushed Martyn's aforementioned patch to the staging repo:

commit d973cbbcc3ceec1fc273a342ed39dbddef0ea6d5
Author: Martyn Taylor <mtaylor>
Date:   Mon Feb 6 17:58:44 2012 +0000

    BZ#753880 Catch exceptions on DC valid credentials request
    
    Signed-off-by: Matt Wagner <matt.wagner>


As his comments above indicate, this does NOT complete this BZ. We are still waiting on some Deltacloud changes before the problem described in this bug is fully resolved.

Verified changes made to Deltacloud for https://issues.apache.org/jira/browse/DTACLOUD-127.

See test comments added to DTACLOUD-127. Tested for the error codes return by Deltacloud (server side) when working with:
1. valid provider/ invalid credentials
2. invalid provider/ valid credentials

Also tested that Conductor would show the user an error if a new provider account was saved with:
1. valid provider/ invalid credentials
2. invalid provider/ valid credentials

Tested provider types: ec2, rhevm, vsphere

rpms used to perform the above tests:

rpm -qa |grep deltacloud
deltacloud-core-ec2-0.5.0-5.el6.noarch
deltacloud-core-0.5.0-5.el6.noarch
deltacloud-core-vsphere-0.5.0-5.el6.noarch
deltacloud-core-doc-0.5.0-5.el6.noarch
deltacloud-core-all-0.5.0-5.el6.noarch
rubygem-deltacloud-client-0.5.0-2.el6.noarch
deltacloud-core-rhevm-0.5.0-5.el6.noarch

rpm -qa |grep aeolus
aeolus-conductor-daemons-0.8.0-22.el6.noarch
rubygem-aeolus-cli-0.3.0-7.el6.noarch
aeolus-conductor-doc-0.8.0-22.el6.noarch
aeolus-configure-2.5.0-11.el6.noarch
aeolus-all-0.8.0-22.el6.noarch
aeolus-conductor-0.8.0-22.el6.noarch
rubygem-aeolus-image-0.3.0-7.el6.noarch

5f8f89f in aeolus-conductor-0.8.0-27

Created attachment 565348 [details]
Conductor error - Invalid Provider, Valid Credentials

Created attachment 565350 [details]
Deltacloud error Invalid provider valid creds

Using Deltacloud, when supplying an invalid provider and valid creds, a variety of different errors are returned (as copied below). Conductor always returns the same error ... irrespective of the provider and whether the user provides valid provider/invalid creds or invalid provider/valid creds (see attachment)

***** Conductor error *******

Errors
Cannot add the provider account.
Errors

    1 error prohibited this record from being saved:
    An error occurred when checking provider credentials. Please check your setup and try again.



************

********* Deltacloud errors for invalid providers ********

Invalid Vsphere provider:

API_PROVIDER=10.16.120.137 deltacloudd -i vsphere -r hp-dl360g5-02.rhts.eng.bos.redhat.com -p 4006
 
$ curl -X GET --user 'username:password' "http://hp-dl360g5-02.rhts.eng.bos.redhat.com:4006/api/instances?format=xml"<error status='500' url='/api/instances?format=xml'>
  <kind>backend_error</kind>
  <backend driver='vsphere' provider='10.16.120.137'>
    <code>500</code>
  </backend>
  <message><![CDATA[Unhandled exception or status code (Undefined namespace prefix: //soapenv:Body/*)]]></message>
  <backtrace>
    <![CDATA[/usr/lib/ruby/gems/1.8/gems/nokogiri-1.5.0.beta.4/lib/nokogiri/xml/node.rb:159:in `evaluate'
    /usr/lib/ruby/gems/1.8/gems/nokogiri-1.5.0.beta.4/lib/nokogiri/xml/node.rb:159:in `xpath'


Invalid rhevm provider:
 
API_PROVIDER="https://10.16.120.230:8443/api;123456" deltacloudd -i rhevm -r hp-dl360g5-02.rhts.eng.bos.redhat.com -p 3008
 
curl -X GET --user 'username:password' "http://hp-dl360g5-02.rhts.eng.bos.redhat.com:3008/api/instances?format=xml"
<error status='404' url='/api/instances?format=xml'>
  <message>Resource not found</message>
</error>
 
>> In correct server;
API_PROVIDER="https://10.16.120.235:8443/api;123456" deltacloudd -i rhevm -r hp-dl360g5-02.rhts.eng.bos.redhat.com -p 3008
 
curl -X GET --user 'username:password' "http://hp-dl360g5-02.rhts.eng.bos.redhat.com:3008/api/instances?format=xml"
<error status='500' url='/api/instances?format=xml'>
  <kind>backend_error</kind>
  <backend driver='rhevm' provider='https://10.16.120.235:8443/api;123456'>
    <code>500</code>
  </backend>
  <message><![CDATA[Unhandled exception or status code (No route to host - connect(2))]]></message>
  <backtrace>


Invalid ec2 provider:
 
API_PROVIDER="east" deltacloudd -i ec2 -r hp-dl360g5-02.rhts.eng.bos.redhat.com -p 3009
 
curl -X GET --user 'username:password' "http://hp-dl360g5-02.rhts.eng.bos.redhat.com:3009/api/instances?format=xml"
<error status='502' url='/api/instances?format=xml'>
  <kind>backend_error</kind>
  <backend driver='ec2'>
    <code>502</code>
  </backend>
  <message><![CDATA[east temporarily unavailable: (getaddrinfo: Name or service not known)]]></message>
</error> 

Note no backtrace for ec2

******* Deltacloud errors for valid provider, invalid creds (401) *******

    Vsphere in correct password:
     
     curl -X GET --user 'username:hello' "http://hp-dl360g5-02.rhts.eng.bos.redhat.com:5006/api/instances?format=xml"<error status='401' url='/api/instances?format=xml'>
      <message><![CDATA[InvalidLogin: Cannot complete login due to an incorrect user name or password.]]></message>
    </error>
    [rlandy@localhost systemtests]$
     
     
     
    **************************************
     
    Rhevm incorrect password
     
     curl -X GET --user 'username:hello' "http://hp-dl360g5-02.rhts.eng.bos.redhat.com:3007/api/instances?format=xml"<error status='401' url='/api/instances?format=xml'>
      <message><![CDATA[401 Unauthorized]]></message>
    </error> 


**********************

Ec2 incorrect password:

Incorrect username/ correct password
 
[rlandy@localhost systemtests]$ curl -X GET --user 'uname:password' "http://hp-dl360g5-02.rhts.eng.bos.redhat.com:4000/api/instances?format=xml"
<error status='401' url='/api/instances?format=xml'>
  <message><![CDATA[AuthFailure: AWS was not able to validate the provided access credentials
  REQUEST=ec2.us-east-1.amazonaws.com:443/?AWSAccessKeyId=AKIAJCBB265A57CGKR2&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-02-23T18%3A05%3A36.000Z&Version=2010-08-31&Signature=LBGB5YTq%2F5o%2FSxn6958xO5gKNqMiOowrAMHbyJMTvAI%3D
  REQUEST ID=20ca4c06-7449-41d8-a2dd-c54702da8dca]]></message>
</error>
[rlandy@localhost systemtests]$

Consulted with Wes Hayutin ( component QE owner and reporter of the issue)...

For CloudForms 1.0,  returning the same error in Conductor whether the user provides valid provider/invalid creds or invalid provider/valid creds, is acceptable - especially since the Deltacloud log is available for further debugging.

Marking this bug as 'Verified' for CloudForms/ Aeolus-Conductor 1.0.0 ... cloning the record for an improvement in errors returned for a later version  - 1.1.0.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0583.html