Bug 1877486

Summary: NoProxy in install-config.yaml doesn't accept '*'
Product: OpenShift Container Platform Reporter: Moti Asayag <masayag>
Component: InstallerAssignee: Abhinav Dahiya <adahiya>
Installer sub component: openshift-installer QA Contact: Gaoyun Pei <gpei>
Status: CLOSED NOTABUG Docs Contact:
Severity: medium    
Priority: medium CC: adahiya, tsze, vemporop, yanyang
Version: 4.5Keywords: Reopened
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Installer did not accept `*` as a valid value for proxy.noProxy field Consequence: Users cannot create a cluster with no proxy set to `*` during installation. Fix: Installer now allows `*` as a valid value Result: Users can create a cluster with no proxy set to `*` during installation.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-08 12:03:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1877866    

Description Moti Asayag 2020-09-09 17:55:31 UTC 
Description of problem:
'*' wildcard isn't accepted as value for 'noProxy' when it is provided in install-config.yaml

Version-Release number of the following components:
openshift-install 4.5.2
built from commit 6336a4b3d696dd898eed192e4188edbac99e8c27
release image quay.io/openshift-release-dev/ocp-release@sha256:8f923b7b8efdeac619eb0e7697106c1d17dd3d262c49d8742b38600417cf7d1d

How reproducible:
always

Steps to Reproduce:
1. Add in install-config.yaml proxy settings:

proxy:
  httpProxy: http://10.46.41.7:3128
  noProxy: "*"

2. Generate ignition files:

openshift-install --dir no_proxy create ignition-configs
FATAL failed to fetch Kubeconfig Admin Client: failed to load asset "Install Config": invalid "install-config.yaml" file: [proxy: Required value: must include httpProxy or httpsProxy, NoProxy: Invalid value: "*": must be a CIDR or domain, without wildcard characters]


Actual results:
Command failed with the above output.


Expected results:
ignition file should be generated successfully


Additional info:

"*" is considered to be a valid value for noProxy according to https://docs.openshift.com/container-platform/4.5/installing/installing_bare_metal/installing-restricted-networks-bare-metal.html#installation-configure-proxy_installing-restricted-networks-bare-metal 

"A comma-separated list of destination domain names, domains, IP addresses, or other network CIDRs to exclude proxying. Preface a domain with . to include all subdomains of that domain. Use * to bypass proxy for all destinations."

Also, a document bug related to this issue: https://github.com/openshift/openshift-docs/pull/25201
Comment 1 Abhinav Dahiya 2020-09-10 19:00:01 UTC 
seems like proxies.config.openshift.io/v1 object support this wildcard, so i think the installer can also support this. see https://github.com/openshift/cluster-network-operator/blob/899cff815b2611100eee370cc8e0cdf9b736e1b9/pkg/controller/proxyconfig/validation.go#L64
Comment 3 Gaoyun Pei 2020-09-21 06:54:55 UTC 
Reproduced this issue with payload 4.6.0-0.nightly-2020-09-17-195238, noProxy: '*' is not accepted by the installer.

Example install-config.yaml:

proxy:
  httpProxy: http://xxx.xx:3128
  noProxy: "*"

++ ./openshift-install create manifests --dir '/home/jenkins/workspace/Launch Environment Flexy/workdir/install-dir'
level=fatal msg="failed to fetch Master Machines: failed to load asset \"Install Config\": invalid \"install-config.yaml\" file: NoProxy: Invalid value: \"*\": must be a CIDR or domain, without wildcard characters"


And on payload 4.6.0-0.nightly-2020-09-20-022022, it accepted '*' now.

# oc get proxy cluster -o yaml
apiVersion: config.openshift.io/v1
kind: Proxy
...
spec:
  httpProxy: http://xx.xx:3128
  noProxy: '*'
  trustedCA:
    name: ""
status:
  httpProxy: http://xx.xx:3128
  noProxy: '*'
Comment 6 errata-xmlrpc 2020-10-27 16:38:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196
Comment 7 vemporop 2021-04-08 11:05:48 UTC 
This issue has re-surfaced in 4.7.5 (quay.io/openshift-release-dev/ocp-release:4.7.5-x86_64), was definitely not present in 4.7.2.

See also https://bugzilla.redhat.com/show_bug.cgi?id=1947066

Maybe the fix was reverted for some reason, although * seems to be a valid value.
Comment 9 vemporop 2021-04-08 12:03:13 UTC 
I'm very sorry, it was my mistake. Closing