Bug 2048537
Summary: | "Exposed route host to image registry" connecting successfully to invalid registry "xyz.com" | ||
---|---|---|---|
Product: | Migration Toolkit for Containers | Reporter: | ssingla |
Component: | Controller | Assignee: | Pranav Gaikwad <pgaikwad> |
Status: | CLOSED ERRATA | QA Contact: | ssingla |
Severity: | medium | Docs Contact: | Richard Hoch <rhoch> |
Priority: | medium | ||
Version: | 1.7.0 | CC: | apinnick, ernelson, jmatthew, jmontleo, rjohnson, xjiang |
Target Milestone: | --- | ||
Target Release: | 1.7.2 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Clone Of: | 2031101 | Environment: | |
Last Closed: | 2022-07-01 09:52:59 UTC | Type: | --- |
Bug Depends On: | 2031101 | ||
Description
ssingla
2022-01-31 13:10:46 UTC
OpenShift image registries listen on API path "/v2". The MigCluster controller simply issues a GET request at the API path on provided Registry URL. If a response is not an error, it validates the Registry URL. If the response results in an error, it fails the validation. Now the fun part, "https://xyz.com/v2" actually is a valid API path and returns a 200 when a GET request is made. Hence this bug. To solve it, we need a more sophisticated health check mechanism to determine whether provided URL is valid or not.

Let's evaluate this in the 1.7.1 round and see if it makes sense to backport. It feels bad to be acknowledging that these are healthy when they are in fact, not. It's a bad health check.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5483
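
One way a stricter check than "GET /v2 returned no error" could look, as an added example that is not the MTC controller's code and not necessarily the fix shipped in 1.7.2. The function name CheckRegistry and the placeholder host are hypothetical, and the check assumes the registry sends the Docker-Distribution-API-Version header, as registries implementing the Docker Registry HTTP API V2 do:

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// CheckRegistry (hypothetical name) probes <base>/v2/ and accepts the endpoint
// only if the reply identifies a Docker Registry HTTP API V2 server.
// Assumption: the registry sets Docker-Distribution-API-Version: registry/2.0.
func CheckRegistry(ctx context.Context, c *http.Client, base string) error {
	u, err := url.Parse(base)
	if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") {
		return fmt.Errorf("invalid registry URL %q", base)
	}
	u.Path = strings.TrimSuffix(u.Path, "/") + "/v2/"
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
	if err != nil {
		return err
	}
	resp, err := c.Do(req)
	if err != nil {
		return fmt.Errorf("registry unreachable: %w", err)
	}
	defer resp.Body.Close()
	// A V2 registry answers 200, or 401 when it wants credentials first.
	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusUnauthorized {
		return fmt.Errorf("unexpected status %d from %s", resp.StatusCode, u)
	}
	// An ordinary web site that happens to serve /v2/ with a 200 does not
	// send this header, so a bare "no error" result is not enough.
	if v := resp.Header.Get("Docker-Distribution-API-Version"); v != "registry/2.0" {
		return fmt.Errorf("%s is not a v2 registry (API version header %q)", u, v)
	}
	return nil
}

func main() {
	c := &http.Client{Timeout: 5 * time.Second}
	// Placeholder host; substitute the exposed registry route to validate.
	if err := CheckRegistry(context.Background(), c, "https://registry.example.invalid"); err != nil {
		fmt.Println("validation failed:", err)
	}
}
```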