+++ This bug was initially created as a clone of Bug #2143716 +++

Description of problem:
DV Error message when trying to import without secret-headers shouldn't contain the stack trace

Version-Release number of selected component (if applicable):
4.12.0-682

How reproducible:
Always

Steps to Reproduce:

1. Create a VM, Stop it

2. Create a VMExport without specifying the tokenSecretRef:

$ cat vmexport-vm.yaml
apiVersion: export.kubevirt.io/v1alpha1
kind: VirtualMachineExport
metadata:
name: export-vm-object
spec:
source:
apiGroup: "kubevirt.io"
kind: VirtualMachine
name: vm-cirros-source

3. See VMExport certs and links are populated:

$ oc get vmexport export-vm-object -oyaml

3. Create a target VM using an internal link, without specifying the certConfigMap and secretExtraHeaders:

$ cat vm-target-internal-raw.yaml
apiVersion: kubevirt.io/v1alpha3
kind: VirtualMachine
metadata:
name: vm-cirros-target-1
labels:
kubevirt.io/vm: vm-cirros-target-1
spec:
dataVolumeTemplates:

• metadata:
  name: cirros-dv-target-1
  spec:
  storage:
  resources:
  requests:
  storage: 1Gi
  storageClassName: hostpath-csi-basic
  source:
  http:
  url: "https://virt-export-export-vm-object.default.svc/volumes/cirros-dv-source-ocs/disk.img"

1. certConfigMap: "router-cert"
2. secretExtraHeaders:
3. - secret-headers
   running: true
   template:
   metadata:
   labels:
   kubevirt.io/vm: vm-cirros-target-1
   spec:
   domain:
   devices:
   disks:

• disk:
  bus: virtio
  name: datavolumetarget
  machine:
  type: ""
  resources:
  requests:
  memory: 100M
  terminationGracePeriodSeconds: 0
  volumes:
• dataVolume:
  name: cirros-dv-target-1
  name: datavolumetarget

Actual results:

$ oc get vm -A
NAMESPACE NAME AGE STATUS READY
default vm-cirros-source 41m Stopped False
default vm-cirros-target-1 24m DataVolumeError False

$ oc describe dv cirros-dv-target-1 | grep Message
Message: PVC cirros-dv-target-1 Bound
Message: Unable to connect to http data source: Get "https://virt-export-export-vm-object.default.svc/volumes/cirros-dv-source-ocs/disk.img": x509: certificate signed by unknown authority HTTP request errored kubevirt.io/containerized-data-importer/pkg/importer.createHTTPReader /remote-source/app/pkg/importer/http-datasource.go:326 kubevirt.io/containerized-data-importer/pkg/importer.NewHTTPDataSource /remote-source/app/pkg/importer/http-datasource.go:100 main.newDataSource /remote-source/app/cmd/cdi-importer/importer.go:255 main.handleImport /remote-source/app/cmd/cdi-importer/importer.go:173 main.main /remote-source/app/cmd/cdi-importer/importer.go:143 runtime.main /usr/lib/golang/src/runtime/proc.go:250 runtime.goexit /usr/lib/golang/src/runtime/asm_amd64.s:1594

Expected results:
The Error message shouldn't contain the stack trace

— Additional comment from Yan Du on 2022-11-23 13:00:15 UTC —

Alexander, could we improve the error message to enable user to fix the problem for themselves?

— Additional comment from Red Hat Bugzilla on 2022-12-15 08:28:59 UTC —

Account disabled by LDAP Audit for extended failure

— Additional comment from Yan Du on 2023-02-01 13:11:22 UTC —

Alvaro, could you please take a look?

— Additional comment from Álvaro Romero on 2023-02-01 13:14:48 UTC —

@yadu@redhat.com sure!