AMQP credential verification does not set 'events' capability #925

@Niccolo-Alfredo

Summary

The verify_credentials method in app/models/manageiq/providers/openstack/cloud_manager.rb contains an early exit (return ret unless auth_type.nil?) that prevents the automatic setting of the capabilities["events"] flag when credentials are verified with an explicit auth_type (e.g., :amqp or :default).

This means the capability is only updated during the rare calls where auth_type is nil, while the explicit verification calls (which confirm AMQP connectivity) exit early, leaving the capability flag disabled and preventing the event catchers from starting automatically.

Environment

  • ManageIQ Version: Radjabov-1 (and likely earlier/later versions using the same logic)
  • OpenStack Version: Any version with AMQP

Problem Details

Location

app/models/manageiq/providers/openstack/cloud_manager.rb → verify_credentials

Current Code (BROKEN)

def verify_credentials(auth_type = nil, options = {})
  options[:service] ||= "Compute"
  ret = super
  return ret unless auth_type.nil?  # ← EARLY EXIT HERE for auth_type != nil

  capabilities["events"] = !!event_monitor_available?  # ← This line is often skipped!
  save! if changed?
  true
end

Log Evidence and Flow Analysis

The following log snippet clearly shows two failed attempts to update the capability where auth_type is not nil, followed by the original code's logic being bypassed.

| Timestamp | auth_type | Log Message | Analysis |
|---|---|---|---|
| 10:56:28 | :default | ✗ auth_type is NOT nil (default) - ORIGINAL CODE WOULD EXIT HERE! | Failure 1: Called with :default (during initial save/validation). Original code exits before checking/setting capabilities. |
| 10:56:29 | :amqp | ✗ auth_type is NOT nil (amqp) - ORIGINAL CODE WOULD EXIT HERE! | Failure 2: Called explicitly for AMQP endpoint verification. Original code exits before checking/setting capabilities. |

Crux of the Issue: The event_monitor_available? check, which determines if the capability should be set to true, is skipped whenever auth_type is :amqp or :default. These calls are the critical moments where connectivity is confirmed and the capability should be set.

Impact

  • Event catchers (cloud_manager, storage, network) do not start automatically.
  • Requires a manual Rails console workaround to enable events:
    ems.capabilities['events'] = true
    ems.save!

Proposed Fix

The capability update logic must be moved to execute after super and only when checking for the default connection or the AMQP connection.

def verify_credentials(auth_type = nil, options = {})
  options[:service] ||= "Compute"
  ret = super

  # Logic to update the event capability is moved here to ensure it runs
  # after super() succeeds, covering both auth_type=nil and auth_type="amqp".
  if auth_type.nil? || auth_type.to_s == "amqp"
    capabilities["events"] = !!event_monitor_available?
    save! if changed?
  end

  return ret unless auth_type.nil?

  true
end

Wrapping the capability update in if auth_type.nil? || auth_type.to_s == "amqp" ensures that the capability is checked and set only when relevant. By positioning this block before the early exit check, we guarantee that the event capability is updated immediately upon successful AMQP verification.


❓ Alternative Considerations / Questions

We propose the above change to automate the capability setting. However, we want to confirm the original design intent:

  • Was the explicit early exit for non-nil auth_types intentional, requiring the capabilities["events"] to be set manually or via a different code path for security or architectural reasons?

We are ready to submit a Pull Request (PR) with the proposed fix but are open to discussion if the original implementation was deliberate.


Labels

bug, critical, openstack, events, amqp
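
A standalone Ruby sketch, added here and not part of the original issue or the ManageIQ code base, that runs the control flow of "Current Code" and "Proposed Fix" against a stub for each auth_type in the log table. FakeBase, FakeCloudManager, verify_original, verify_proposed and events_flag_after are hypothetical names; the parent call is assumed to return true, and save!/changed? are left out because no database is involved.

```ruby
# Constructed stubs: no Rails, no database, no real AMQP broker.
class FakeBase
  # Assumption: the parent verification returns true on success.
  def verify_credentials(_auth_type = nil, _options = {})
    true
  end
end
class FakeCloudManager < FakeBase
  attr_reader :capabilities
  def initialize(amqp_reachable:)
    @capabilities = { "events" => false }
    @amqp_reachable = amqp_reachable
  end

  def event_monitor_available?
    @amqp_reachable
  end

  # Control flow of "Current Code" (save!/changed? omitted).
  def verify_original(auth_type = nil, options = {})
    options[:service] ||= "Compute"
    ret = verify_credentials(auth_type, options)
    return ret unless auth_type.nil?
    capabilities["events"] = !!event_monitor_available?
    true
  end

  # Control flow of "Proposed Fix" (save!/changed? omitted).
  def verify_proposed(auth_type = nil, options = {})
    options[:service] ||= "Compute"
    ret = verify_credentials(auth_type, options)
    if auth_type.nil? || auth_type.to_s == "amqp"
      capabilities["events"] = !!event_monitor_available?
    end
    return ret unless auth_type.nil?
    true
  end
end

# Value of capabilities["events"] after a single verification call.
def events_flag_after(variant, auth_type, amqp_reachable: true)
  ems = FakeCloudManager.new(amqp_reachable: amqp_reachable)
  ems.public_send(variant, auth_type)
  ems.capabilities["events"]
end

[nil, :default, :amqp].product(%i[verify_original verify_proposed]).each do |auth, variant|
  puts "#{variant} auth_type=#{auth.inspect} -> events=#{events_flag_after(variant, auth)}"
end
```

With the proposed condition, a call with :default still leaves the flag unchanged, and a call with :amqp sets it to false when the stub reports the event monitor as unavailable.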

