Bug 1500934

Summary: When broker is deployed to a namespace other than ansible-service-broker, secret lookup fails
Product: OpenShift Container Platform Reporter: Fabian von Feilitzsch <fabian>
Component: Service BrokerAssignee: Erik Nelson <ernelson>
Status: CLOSED ERRATA QA Contact: Zhang Cheng <chezhang>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.7.0CC: aos-bugs, fabian, jesusr, jmatthew, wmeng
Target Milestone: ---   
Target Release: 3.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-05 09:29:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fabian von Feilitzsch 2017-10-11 19:07:18 UTC 
Description of problem:
The secret lookup is hardcoded to the ansible-service-broker namespace. It needs to be dynamically loaded so that the broker can be deployed to arbitrary namespaces

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Erik Nelson 2017-10-11 19:35:44 UTC 
https://github.com/openshift/ansible-service-broker/pull/482
Comment 3 Zhang Cheng 2017-10-17 08:36:03 UTC 
Which method of deploy asb? By template or by ansible installer?
Could you provide a reproduce steps? Thanks.
Comment 4 Zhang Cheng 2017-10-20 09:14:50 UTC 
Fabian, Could you provide a reproduce steps? Thanks.
Comment 5 Zhang Cheng 2017-10-24 02:20:48 UTC 
John, this card lack enough info to verify for QE, could you help confirm and provide? Thanks.
Comment 6 Fabian von Feilitzsch 2017-10-27 17:24:30 UTC 
To test:

1. Install and deploy the broker to a namespace other than ansible-service-broker, for example openshift-ansible-service-broker (which is where the openshift-ansible installer would put it)
2. Create a secret named testsecret containing 
    postgresql_user: test
    postgresql_password: testpass
3. Add a secrets section to the broker config containing:
      secrets:
      - apb_name: dh-rhscl-postgresql-apb
        secret: test
        title: test
   (if you aren't pulling the apbs from dockerhub you may need to change the apb_name to match what is in y our broker)
4. Attempt to deploy the rhscl-postgresql-apb

If the deployment doesn't fail with an error saying that the secret wasn't found in the ansible-service-broker namespace then it worked
Comment 7 Zhang Cheng 2017-10-30 09:20:12 UTC 
I will verify after BZ https://bugzilla.redhat.com/show_bug.cgi?id=1496426 is merged.
Comment 8 Zhang Cheng 2017-11-02 10:27:05 UTC 
Verified and passed. Testing base on steps in comment6 with latest image v3.7.0-0.189.0.0
Comment 12 errata-xmlrpc 2018-04-05 09:29:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0636