Bug 1273820

Summary: Command line options should take precedence over configuration file values
Product: OpenShift Container Platform Reporter: Xingxing Xia <xxia>
Component: ocAssignee: Maciej Szulik <maszulik>
Status: CLOSED EOL QA Contact: Xingxing Xia <xxia>
Severity: low Docs Contact:
Priority: medium    
Version: 3.1.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-21 08:39:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Xingxing Xia 2015-10-21 10:27:15 UTC 
Description of problem:
When 'oc login --certificate-authority=<CA file>' and then 'oc get bc --insecure-skip-tls-verify', the latter oc operation fails. Reverse the order, it also fails.

Version-Release number of selected component (if applicable):
oc v3.0.2.901-61-g568adb6
kubernetes v1.1.0-alpha.1-653-g86b4e77

How reproducible:
Always.

Steps to Reproduce:
1. Start openshift
2. oc login with CA and create project
$ SERVER=https://openshift-146.lab.eng.nay.redhat.com:8443
$ oc login --server=$SERVER --certificate-authority=openshift.local.config/master/ca.crt -u xxia -p redhat
$ oc new-proj xxia-proj
3. Check the config
$ oc config view
4. Test oc command with --insecure-skip-tls-verify when config uses CA
$ oc get bc --insecure-skip-tls-verify=true

5. oc login with --insecure-skip-tls-verify
1> $ rm -f ~/.kube/config
2> $ oc login --server=$SERVER --insecure-skip-tls-verify=true -u xxia -p redhat
6. Check the config again
$ oc config view
7. Test oc command with CA
$ oc get bc --certificate-authority=openshift.local.config/master/ca.crt

Actual results:
3. The cluster info uses CA
4. Outputs error:
error: specifying a root certificates file with the insecure flag is not allowed

6. The cluster info uses insecure-skip-tls-verify
7. Outputs error:
error: specifying a root certificates file with the insecure flag is not allowed

Expected results:
4. and 7.
Should succeed. Command line options take precedence over configuration file values

Additional info:
Checked step 4 and 7 in Openshift Origin works ok.
Refer to https://docs.openshift.org/latest/cli_reference/manage_cli_profiles.html#loading-and-merging-rules
Comment 2 Maciej Szulik 2019-08-21 08:39:20 UTC 
Closing due to age.