Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-24898

Improve the API and Hammer error message when content export fails due to lack of permissions

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • CLOSED
    • 0
    • Phoenix - Subscriptions
    • Moderate
    • To Do
    • No

      Description of problem:

      The main problem is reported in https://bugzilla.redhat.com/show_bug.cgi?id=2278609 along with reproducer steps.

      Now, The hardest part was to identify why the error logged in production.log was
      ~~~
      2024-05-02T15:17:36 [E|bac|c3dadce9] Validation failed: Label has already been taken, Name has already been taken (ActiveRecord::RecordInvalid)
      ~~~

      or hammer says this:
      ~~
      Could not export the library:
      422 Unprocessable Entity
      ~~

      When the issue was due to the lack of permissions to create a content view.

      It's even worse when someone uses Ansible module redhat.satellite.content_export_library to do the content export

      PLAY [Reproducer for Thales] **********************************************************************************************************************************************************************************************************

      TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************
      ok: [satellite614.lab.internal]

      TASK [sat-export-library : Do a full export of the Library env] ***********************************************************************************************************************************************************************
      fatal: [satellite614.lab.internal]: FAILED! =>

      {"changed": false, "error": "Validation failed: Label has already been taken, Name has already been taken\n/usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/validations.rb:80:in `raise_validation_error'\n/usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/validations.rb:53:in `save!'\n/usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/transactions.rb:302:in `block in save!'\n/usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/transactions.rb:354:in `block in with_transaction_returning_status'\n/usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/connection_adapters/abstract/database_statements.rb:318:in `transaction'\n/usr/share/gems/gems/activerecord- ... huge traceback .... ... with_force_shutdown'\n/usr/share/gems/gems/puma-6.3.1/lib/puma/request.rb:99:in `handle_request'\n/usr/share/gems/gems/puma-6.3.1/lib/puma/server.rb:443:in `process_client'\n/usr/share/gems/gems/puma-6.3.1/lib/puma/server.rb:245:in `block in run'\n/usr/share/gems/gems/puma-6.3.1/lib/puma/thread_pool.rb:151:in `block in spawn_thread'\n/usr/share/gems/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'", .. "msg": "Error while performing library on content_exports: 422 Client Error: Unprocessable Content for url: https://satellite614.lab.internal/katello/api/content_exports/library"}

      PLAY RECAP ****************************************************************************************************************************************************************************************************************************
      satellite614.lab.internal : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

      Here we get to see two different error messages, one at the top of the traceback that says "Validation failed" and then another at the end, that says "Unprocessable Content for URL" but again none of them clearly says anything about any missing permissions at all.

      If i run the API call directly, That would also result into something like that i.e.

      1. curl -su sat_export:password@123 -X POST -H "Content-Type: application/json" https://`hostname -f`/katello/api/content_exports/library -d ' {"organization_id": 1, "format": "syncable", "destination_server": "disconnected_sat"}

        '
        Validation failed: Label has already been taken, Name has already been taken

      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/validations.rb:80:in `raise_validation_error'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/validations.rb:53:in `save!'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/transactions.rb:302:in `block in save!'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/transactions.rb:354:in `block in with_transaction_returning_status'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/connection_adapters/abstract/database_statements.rb:318:in `transaction'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/transactions.rb:350:in `with_transaction_returning_status'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/transactions.rb:302:in `save!'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/suppressor.rb:48:in `save!'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/persistence.rb:639:in `block in update!'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/transactions.rb:354:in `block in with_transaction_returning_status'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/connection_adapters/abstract/database_statements.rb:318:in `transaction'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/transactions.rb:350:in `with_transaction_returning_status'
      /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/persistence.rb:637:in `update!'
      /usr/share/gems/gems/katello-4.9.0.23/app/lib/actions/pulp3/orchestration/content_view_version/export_library.rb:18:in `plan'
      /usr/share/gems/gems/dynflow-1.7.0/lib/dynflow/action.rb:531:in `block (3 levels) in execute_plan'
      /usr/share/gems/gems/dynflow-1.7.0/lib/dynflow/middleware/stack.rb:27:in `pass'
      /usr/share/gems/gems/dynflow-1.7.0/lib/dynflow/middleware.rb:19:in `pass'
      /usr/share/gems/gems/dynflow-1.7.0/lib/dynflow/middleware.rb:36:in `plan'
      /usr/share/gems/gems/dynflow-1.7.0/lib/dynflow/middleware/stack.rb:23:in `call'

      Now, even if we fix the "Content Exporter" role, We cannot stop end-users from creating a new role with their own set of permissions and they can miss adding one or two permissions there and then run into a similar problem on their own. And without a clear error message, There is no way to easily identify the root cause here.

      Expected results:

      A) When the root cause is, User X does not have Y permission to do something, Then the error should be printed like that instead of saying "Validation failed: Label has already been taken, Name has already been taken" because that is a complete misdirection.

      B) hammer should show the same error message as API and needs to make sense.

      This
      ~~
      Could not export the library:
      422 Unprocessable Entity
      ~~
      is not something that says, some permissions are missing or the user X is unable to do Y.

      Additional info:

      NA

              jira-bugzilla-migration RH Bugzilla Integration
              rhn-support-saydas Sayan Das
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: