Bug 1820734

Summary: cluster-etcd-operator needs to check for permission denied errors in etcd cli
Product: OpenShift Container Platform Reporter: Alay Patel <alpatel>
Component: Etcd Assignee: Sam Batschelet <sbatsche>
Status: CLOSED DUPLICATE QA Contact: ge liu <geliu>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4 CC: dmace, skolicha
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-20 16:28:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alay Patel 2020-04-03 18:09:10 UTC
Description of problem:

The cluster-etcd-operator (CEO) makes a lot of client calls to the etcd API. They are all wrapped in the package etcdcli [1].

The authentication for these calls comes in through certs that are mounted to the CEO pod [2][3].

All the calls to the etcd API should check for authentication errors and fail miserably if the cert is not valid, with something like `ErrPermissionDenied` [4].

1. https://github.com/openshift/cluster-etcd-operator/tree/master/pkg/etcdcli
2. https://github.com/openshift/cluster-etcd-operator/blob/master/pkg/etcdcli/etcdcli.go#L133
3. https://github.com/openshift/cluster-etcd-operator/blob/6aecbb125e3ff32de0f4aec2941fe59131f28af7/manifests/0000_12_etcd-operator_06_deployment.yaml#L47
4. https://github.com/etcd-io/etcd/blob/master/etcdctl/ctlv3/command/ep_command.go#L130
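
Added example, not part of the original report and not the operator's own code: a sketch of the check the description asks for, where a permission-denied error ends the call immediately while other errors are retried. `callEtcd`, `errAuthFatal` and `errPermissionDenied` are hypothetical names; the last is a stand-in for the client library's `ErrPermissionDenied`.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// errPermissionDenied is a stand-in (assumption) for the etcd client's
// ErrPermissionDenied referenced in the report; real code would compare
// against the error exported by the client library.
var errPermissionDenied = errors.New("etcdserver: permission denied")

// errAuthFatal (hypothetical) marks failures that retrying cannot fix,
// such as an invalid or rejected client cert.
var errAuthFatal = errors.New("etcd client credentials rejected")

// callEtcd (hypothetical wrapper) runs op up to attempts times. Other
// errors are retried; a permission-denied error stops immediately so the
// caller can fail loudly. It returns the calls made and the final error.
func callEtcd(ctx context.Context, attempts int, op func(context.Context) error) (int, error) {
	if attempts < 1 {
		attempts = 1
	}
	var err error
	for i := 1; i <= attempts; i++ {
		if err = op(ctx); err == nil {
			return i, nil
		}
		if errors.Is(err, errPermissionDenied) {
			return i, fmt.Errorf("%w: %v", errAuthFatal, err)
		}
		if ctx.Err() != nil {
			return i, ctx.Err()
		}
	}
	return attempts, err
}

func main() {
	// Constructed sample: the server rejects the cert on every call,
	// wrapped the way an intermediate layer might wrap it.
	denied := func(context.Context) error {
		return fmt.Errorf("member list: %w", errPermissionDenied)
	}
	n, err := callEtcd(context.Background(), 5, denied)
	fmt.Println(n, err)
}
```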

Comment 1 Michal Fojtik 2020-05-12 10:45:10 UTC
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet.

As such, we're marking this bug as "LifecycleStale" and decreasing the severity. 

If you have further information on the current state of the bug, please update it, otherwise this bug will be automatically closed in 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.

Comment 2 Dan Mace 2020-05-20 16:28:13 UTC
This one is already covered by #1832986

*** This bug has been marked as a duplicate of bug 1832986 ***

Comment 3 Red Hat Bugzilla 2023-09-14 05:55:04 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days