Fixes #37772 - Add guardrails to HostsController

app/controllers/katello/api/v2/activation_keys_controller.rb

@@ -297,7 +297,7 @@ def find_content_view_environments
         find_cve_for_single
       elsif params[:content_view_environments] || params[:content_view_environment_ids]
         @content_view_environments = ::Katello::ContentViewEnvironment.fetch_content_view_environments(
-              labels: params[:content_view_environments],
+              candlepin_names: params[:content_view_environments],
               ids: params[:content_view_environment_ids],
               organization: @organization || @activation_key&.organization)
       end

app/controllers/katello/concerns/api/v2/hosts_controller_extensions.rb

@@ -3,6 +3,7 @@ module Concerns
     module Api::V2::HostsControllerExtensions
       extend ActiveSupport::Concern
       include ForemanTasks::Triggers
+      include ::Katello::Api::V2::ErrorHandling
 
       module Overrides
         def action_permission
@@ -46,16 +47,36 @@ def set_content_view_environments
           return if content_facet_attributes.blank? || @host&.content_facet.blank? ||
             (cve_params[:content_view_id].present? && cve_params[:lifecycle_environment_id].present?)
           cves = ::Katello::ContentViewEnvironment.fetch_content_view_environments(
-            labels: cve_params[:content_view_environments],
+            candlepin_names: cve_params[:content_view_environments],
             ids: cve_params[:content_view_environment_ids],
             organization: @organization || @host&.organization)
-
-          @host.content_facet.content_view_environments = cves if cves.present?
+          if cves.present?
+            @host.content_facet.content_view_environments = cves
+          else
+            handle_errors(candlepin_names: cve_params[:content_view_environments],
+              ids: cve_params[:content_view_environment_ids])
+          end
         end
 
         def cve_params
           params.require(:host).require(:content_facet_attributes).permit(:content_view_id, :lifecycle_environment_id, content_view_environments: [], content_view_environment_ids: [])
         end
+
+        def handle_errors(candlepin_names: [], ids: [])
+          if candlepin_names.present?
+            fail HttpErrors::UnprocessableEntity, "No content view environments found with names: #{candlepin_names.join(',')}"
+          elsif ids.present?
+            fail HttpErrors::UnprocessableEntity, "No content view environments found with ids: #{ids}"
+          end
+        rescue HttpErrors::UnprocessableEntity => error
+          respond_for_exception(
+            error,
+            :status => :unprocessable_entity,
+            :text => error.message,
+            :errors => [error.message],
+            :with_logging => true
+          )
+        end
       end
     end
   end

app/models/katello/content_view_environment.rb

@@ -75,16 +75,16 @@ def priority(content_object)
       end
     end
 
-    def self.fetch_content_view_environments(labels: [], ids: [], organization:)
+    def self.fetch_content_view_environments(candlepin_names: [], ids: [], organization:)
       # Must do maps here to ensure CVEs remain in the same order.
       # Using ActiveRecord .where will return them in a different order.
       if ids.present?
         ids.map! do |id|
           ::Katello::ContentViewEnvironment.find_by(id: id)
         end
         ids.compact
-      elsif labels.present?
-        environment_names = labels.map(&:strip)
+      elsif candlepin_names.present?
+        environment_names = candlepin_names.map(&:strip)
         environment_names.map! do |name|
           with_candlepin_name(name, organization: organization)
         end

test/controllers/api/v2/hosts_controller_test.rb

@@ -142,6 +142,59 @@ def test_host_update_with_cv_only
         :content_view_id => @cv2.id
       }
     }, session: set_session_user
+    assert_response :unprocessable_entity
+  end
+
+  def test_set_content_view_environments_with_valid_content_view_environs_param
+    Katello::Host::SubscriptionFacet.any_instance.expects(:backend_update_needed?).returns(false)
+    ::Host::Managed.any_instance.expects(:update_candlepin_associations)
+    host = FactoryBot.create(:host, :with_content, :with_subscription,
+                              :content_view => @content_view, :lifecycle_environment => @environment)
+    ::Katello::ContentViewEnvironment.expects(:fetch_content_view_environments).returns([katello_content_view_environments(:library_default_view_environment)])
+    put :update, params: {
+      :id => host.id,
+      :content_facet_attributes => {
+        :content_view_environments => ["Library"]
+      }
+    }, session: set_session_user
+    assert_response :success
+  end
+
+  def test_set_content_view_environments_with_valid_ids_param
+    Katello::Host::SubscriptionFacet.any_instance.expects(:backend_update_needed?).returns(false)
+    ::Host::Managed.any_instance.expects(:update_candlepin_associations)
+    host = FactoryBot.create(:host, :with_content, :with_subscription,
+                              :content_view => @content_view, :lifecycle_environment => @environment)
+    put :update, params: {
+      :id => host.id,
+      :content_facet_attributes => {
+        :content_view_environment_ids => [@cv4.content_view_environments.first.id]
+      }
+    }, session: set_session_user
+    assert_response :success
+  end
+
+  def test_set_content_view_environments_with_invalid_ids_param
+    host = FactoryBot.create(:host, :with_content, :with_subscription,
+                              :content_view => @content_view, :lifecycle_environment => @environment)
+    put :update, params: {
+      :id => host.id,
+      :content_facet_attributes => {
+        :content_view_environment_ids => ["invalid string"]
+      }
+    }, session: set_session_user
+    assert_response :unprocessable_entity
+  end
+
+  def test_set_content_view_environments_with_invalid_content_view_environs_param
+    host = FactoryBot.create(:host, :with_content, :with_subscription,
+                              :content_view => @content_view, :lifecycle_environment => @environment)
+    put :update, params: {
+      :id => host.id,
+      :content_facet_attributes => {
+        :content_view_environments => ["invalid string"]
+      }
+    }, session: set_session_user
     assert_response 422
   end