Bug 1829055

Summary: [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)
Product: [Red Hat Storage] Red Hat OpenShift Container Storage Reporter: Jason Montleon <jmontleo>
Component: Multi-Cloud Object GatewayAssignee: Jacky Albo <jalbo>
Status: CLOSED ERRATA QA Contact: aberner
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.3CC: ebenahar, etamir, madam, mbukatov, muagarwa, nbecker, ocs-bugs, sostapov
Target Milestone: ---Keywords: FutureFeature, Improvement, UserExperience
Target Release: OCS 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: v4.6.0-106.ci Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-17 06:22:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jason Montleon 2020-04-28 19:21:01 UTC 
Description of problem (please be detailed as possible and provide log
snippests):

This is minor, but would be a nice enhancement.

If you enter the url of the noobaa mgmt route using http:// instead of https:// it does not redirect.

Version of all relevant components (if applicable):
4.3.1

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
No

Is there any workaround available to the best of your knowledge?
Yes, use https

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
1

Can this issue reproducible?
Yes

Can this issue reproduce from the UI?
Yes

If this is a regression, please provide more details to justify this:
No

Steps to Reproduce:
1. Install OCS/MCG
2. Attempt to access the mgmt route using http:// instead of https://


Actual results:
The user should be redirected.

Expected results:
The user is not redirected.

Additional info:

By adding spec.insecureEdgeTerminationPolicy: Redirect to the route the user will be redirected automatically.
Comment 4 Jose A. Rivera 2020-04-29 15:03:01 UTC 
This is a NooBaa issue, moving accordingly and pushing it out to OCS 4.6.
Comment 5 Martin Bukatovic 2020-04-29 17:02:20 UTC 
This seems to be related to a particular NooBaa route/service configuration, which is done on purpose as Eran notes in https://bugzilla.redhat.com/show_bug.cgi?id=1810684#c2
Comment 6 Jason Montleon 2020-04-29 18:56:08 UTC 
I don't think this is the same. 1810684 is pointing out that there is a route and an elb address that Noobaa management can be reached from.

Instead I'm referring to an automatic redirect from http to https on the route. We saw a second person do this in a lab today and have to ask for help, so it is causing users some confusion. I'm sure they would figure it out eventually, but it's a one line adjustment to the route to save confusion. Like I said, minor, but nice.
Comment 10 Mudit Agarwal 2020-10-29 06:15:30 UTC 
Nimrod, should we add doc_text for this one (being an RFE)
Comment 11 Nimrod Becker 2020-10-29 07:45:02 UTC 
Nope, we are serving HTTPS and we should have redirected HTTP to HTTPS, now its done properly.
Don't think we need a doc.
Comment 14 errata-xmlrpc 2020-12-17 06:22:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5605