Bug 1310616
| Summary: | oc new-build with docker strategy should prompt error when using absolute path for "--build-secret" (when testing compatibility between latest oc and old openshift) | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Xingxing Xia <xxia> |
| Component: | Build | Assignee: | Michal Fojtik <mfojtik> |
| Status: | CLOSED ERRATA | QA Contact: | Wenjing Zheng <wzheng> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.2.0 | CC: | aos-bugs, bparees, jokerman, mfojtik, mmccomas, tdawson, xxia |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-05-12 16:30:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Xingxing Xia
2016-02-22 11:11:26 UTC
The absolute path validation happens on the API validation level, so the `oc` does not validate the provided path. Does this mean we should also validate for absolute path in `oc` binary? Michal, this should be closed upstream as an RFE per the new trello card: https://trello.com/c/NgWdS8qU/860-validate-calls-that-oc-make-to-master-api-to-see-if-the-requested-feature-is-available right? (In reply to Michal Fojtik from comment #1) > The absolute path validation happens on the API validation level, so the > `oc` does not validate the provided path. Does this mean we should also > validate for absolute path in `oc` binary? I agree about Clayton's opinion https://github.com/openshift/origin/issues/7552#issuecomment-187734239. If absolute path is thought as kind of "selective" check, then better to validate for it in `oc`. I can add validation to 'oc' for that but it won't fix the problem in 'older' master where the build secrets are not supported ;-) IOW. you will not be able to create build secret with absolute path anymore, but if you provide relative, it will succeed even if the server does not support that feature... Michal, agree with you. Just need to validate oc. Thank you. Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/85b571040d4694e059bf72cbe6d87374a84a0124 Bug 1310616: Validate absolute dir in build secret for docker strategy in oc new-build Verified against Origin using latest oc vs openshift older than the fix commit. Now step 3 result is: error: unable to add build secrets "mysecret:/tmp/mysecret,mysecret2": for the docker strategy, the secret destination directory "/tmp/mysecret" must be a relative path The bug is fixed. But code is not merged yet to OSE. Will verify against OSE when merged. s/than the fix commit/than v3.1.1.6 Verified using latest OSE oc version v3.1.1.911 VS old openshift v3.1.1.6. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2016:1064 |