Bug 2118625

Summary: [Nutanix] ccoctl panics if nutanix credentials source file and openshift credentials requests files are in the same directory
Product: OpenShift Container Platform Reporter: Sid Shukla <sishukla>
Component: Cloud Credential OperatorAssignee: Sid Shukla <sishukla>
Status: CLOSED ERRATA QA Contact: Jianping SHu <jshu>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.11CC: abutcher, mihuang
Target Milestone: ---   
Target Release: 4.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-17 19:54:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2118680    

Description Sid Shukla 2022-08-16 09:47:43 UTC 
ccoctl on Nutanix crashes with a panic if the credentials requests manifests (YAML) and nutanix credentials source (also YAML) happen to be in the same directory. 

```
ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=pccred.yaml

2022/07/29 03:59:48 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc3bb0e]

goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0xc00022d600?, 0x7fff970266ce?, {0x238a4d8?, 0xc000146600?})
        /go/src/github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x2e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.processCredReq(0xc00022da00, {0x7fff970266ce, 0x1}, 0x60?)
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:220 +0x85
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecrets({0x7fff970266bf, 0x1}, {0x7fff970266ce, 0x1}, 0xc00000eb10?, 0x32?)
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:182 +0x18d
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecretsCmd(0xc000712c80?, {0x1fd52e4?, 0x3?, 0x3?})
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:131 +0x379
github.com/spf13/cobra.(*Command).execute(0xc000712c80, {0xc0006f1f20, 0x3, 0x3})
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006eb180)
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
        /go/src/github.com/openshift/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x12f
```
Comment 2 Mingxia Huang 2022-08-18 02:15:23 UTC 
Reproduced with the old version ccoctl.
1.Extract ccoctl from  RELEASE_IMAGE=registry.ci.openshift.org/ocp/release:4.11.0-0.nightly-2022-08-17-010007
2.Create secret with nutanix credentials source.
$ ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=creds.yaml
2022/08/17 05:15:06 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc3bb6e]

goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0xc00022f800?, 0x7fffa8a721b7?, {0x238a4d8?, 0xc000089c40?})
	/go/src/github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x2e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.processCredReq(0xc00022fc00, {0x7fffa8a721b7, 0x1}, 0xc0?)
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:220 +0x85
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecrets({0x7fffa8a721a8, 0x1}, {0x7fffa8a721b7, 0x1}, 0xc00000e960?, 0x32?)
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:182 +0x18d
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecretsCmd(0xc000700f00?, {0x1fd52c4?, 0x3?, 0x3?})
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:131 +0x379
github.com/spf13/cobra.(*Command).execute(0xc000700f00, {0xc0006fafc0, 0x3, 0x3})
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006d5400)
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
	/go/src/github.com/openshift/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x12f

Verified with the new version ccoctl .
1.Extract ccoctl from RELEASE_IMAGE=registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2022-08-17-012756
2.Create secrets with nutanix credentials source.
$ ./ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=creds.yaml
2022/08/17 05:19:48 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
3.Check if this secret is correct.
$ oc create -f manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
secret/nutanix-credentials created
$ oc get secret -A | grep nutanix-credentials 
openshift-machine-api                              nutanix-credentials                                               Opaque                                1      34s
4.Base64 decodeing the credentials to check if secret nutanix-credentials is same with creds.yaml file.
Comment 5 errata-xmlrpc 2023-01-17 19:54:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399