Bug 1581106

Summary: Add label for secret created in openshift-ansible-service-broker namespace when binding
Product: OpenShift Container Platform Reporter: Zihan Tang <zitang>
Component: Service BrokerAssignee: Erik Nelson <ernelson>
Status: CLOSED ERRATA QA Contact: Zihan Tang <zitang>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.10.0CC: aos-bugs, chezhang, dymurray, jesusr, jiazha, jmatthew, shurley, zhsun
Target Milestone: ---   
Target Release: 3.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-11 07:20:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Zihan Tang 2018-05-22 07:40:14 UTC 
Description of problem:
when create binding, will create a secret in openshift-ansible-service-broker namespace , the secret is better to add a 'apbAction=bind' label as the provision secret.

# oc get secret --show-labels
NAME                                   TYPE                                  DATA      AGE       LABELS
37c6c876-5d90-11e8-8814-0a580a800004   Opaque                                1         48s       apbAction=provision,apbName=dh-mariadb-apb
547fb66e-5d90-11e8-8814-0a580a800004   Opaque                                1         8s        <none>


Version-Release number of selected component (if applicable):
asb 1.2.12

How reproducible:
always

Steps to Reproduce:
1. provision a apb and create a binding 
2. check the secret 
3.

Actual results:
no label for the binding secret .
# oc get secret --show-labels
NAME                                   TYPE                                  DATA      AGE       LABELS
37c6c876-5d90-11e8-8814-0a580a800004   Opaque                                1         48s       apbAction=provision,apbName=dh-mariadb-apb
547fb66e-5d90-11e8-8814-0a580a800004   Opaque                                1         8s        <none>

oc get secret 547fb66e-5d90-11e8-8814-0a580a800004 -o yaml
apiVersion: v1
data:
  credentials: eyJEQl9IT1NUIjoicmhzY2wtbWFyaWFkYiIsIkRCX05BTUUiOiJhZG1pbiIsIkRCX1BBU1NXT1JEIjoiZGRkZCIsIkRCX1BPUlQiOiIzMzA2IiwiREJfVFlQRSI6Im15c3FsIiwiREJfVVNFUiI6ImFkbWluIn0=
kind: Secret
metadata:
  creationTimestamp: 2018-05-22T07:18:31Z
  name: 547fb66e-5d90-11e8-8814-0a580a800004
  namespace: openshift-ansible-service-broker
  resourceVersion: "41767"
  selfLink: /api/v1/namespaces/openshift-ansible-service-broker/secrets/547fb66e-5d90-11e8-8814-0a580a800004
  uid: 54ba420e-5d90-11e8-9843-0e0ea6ba27fc
type: Opaque


Expected results:
add label 
  apbAction=bind,apbName=dh-mariadb-apb

Additional info:
Comment 1 Erik Nelson 2018-08-02 13:32:25 UTC 
https://github.com/automationbroker/bundle-lib/pull/157

A fix for this was actually committed to bundle-lib master a few days before this bz was filed. I noticed an inconsistency with these labels between actions, seeing 'apb{Action,Name}' and 'bundle{Action,Name}' both used. The bundle variant is more correct, so I have applied consistent labels across actions with the above PR.
Comment 3 Zihan Tang 2018-08-17 05:28:58 UTC 
verify failed.
asb: v3.11.0-0.17.0 (1.3.9)

the binding credentials in openshift-ansible-service-broker project still doest has label about 'bind'

# oc get secret --show-labels
NAME                                   TYPE                                  DATA      AGE       LABELS
42891cbf-a1dc-11e8-9338-0a580a800006   Opaque                                1         11m       bundleAction=provision,bundleName=aws-postgresql-apb
9b64d37d-a1dd-11e8-9338-0a580a800006   Opaque                                1         3m        <none>


9b64d37d-a1dd-11e8-9338-0a580a800006 is the secret from binding
Comment 4 Erik Nelson 2018-08-21 15:57:33 UTC 
There's one particular code path that was missed, here is the fix: https://github.com/openshift/ansible-service-broker/pull/1054
Comment 5 Dylan Murray 2018-08-22 14:47:54 UTC 
New builds added to advisory:
openshift-enterprise-asb-container-v3.11.0-0.20.0.0
openshift-enterprise-apb-tools-container-v3.11.0-0.20.0.0
Comment 6 Zihan Tang 2018-08-28 09:08:56 UTC 
Verified
asb: 1.3.12
# oc get secret --show-labels
NAME                                   TYPE                                  DATA      AGE       LABELS
3eb53e91-aaa1-11e8-9d23-0a580a800006   Opaque                                1         2m        bundleAction=bind,bundleName=rh-postgresql-apb
Comment 8 errata-xmlrpc 2018-10-11 07:20:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652