Bug 2126694

Summary: [KMIP][UI] Incomplete KMS details for Thales is listed under existing KMS connections during SC creation
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: Rachael <rgeorge>
Component: management-console Assignee: Sanjal Katiyar <skatiyar>
Status: CLOSED CURRENTRELEASE QA Contact: Rachael <rgeorge>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.12 CC: jefbrown, muagarwa, nthomas, ocs-bugs, odf-bz-bot, skatiyar
Target Milestone: ---   
Target Release: ODF 4.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 4.12.0-74 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-02-08 14:06:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rachael 2022-09-14 09:23:21 UTC
Description of problem (please be detailed as possible and provide log
snippets):

In ODF 4.12, while creating an encrypted RBD storageclass, under "Choose existing KMS connection", the KMS config listed for the Thales (using KMIP) provider lists connection details which do not have the Unique identifier required for PV encryption using KMIP.

The csi-kms-connection-detail configmap from where this connection detail is listed in the UI was created during deployment using the inputs given for clusterwide encryption using Thales (KMIP), which does not require the unique identifier to be provided.

We can either not create this configmap during deployment or check for complete/required parameters in the connection details before listing them in the UI.


Version of all relevant components (if applicable):
---------------------------------------------------
ODF: odf-operator.v4.12.0    full_version=4.12.0-50
OCP: 4.12.0-0.nightly-2022-09-08-114806



Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?

The user may use this existing connection detail to create a storageclass and a PVC, which would ultimately fail, since the unique identifier for the Key is missing.



Is there any workaround available to the best of your knowledge?
Manually editing the configmap via CLI or creating a new connection detail

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
2

Is this issue reproducible?
Yes

Can this issue be reproduced from the UI?
Yes

If this is a regression, please provide more details to justify this:
No

Steps to Reproduce:
-------------------

1. Deploy an ODF 412 cluster with clusterwide encryption enabled using Thales KMIP
2. Create an encrypted RBD storageclass from the UI:
   Storage -> StorageClasses -> Create StorageClass
3. Select RBD provisioner from the list of provisioners
4. Click on enable encryption -> Choose existing KMS connection
5. Select Thales (using KMIP) as the provider
6. Under Key service select the existing connection listed
7. Create the storageclass
8. Create a PVC using the storageclass


Actual results:
---------------
PVC creation will fail, since the Unique Identifier is missing

Expected results:
-----------------
The connection details should be filtered out so that only valid entries are listed.
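
One way to do the filtering the report asks for, as an added example that is not ODF console code: entries read from the csi-kms-connection-detail configmap are listed for PV encryption only when every required field is present. The key names (`KMS_PROVIDER`, `KMIP_ENDPOINT`, `KMIP_SECRET_NAME`, `UNIQUE_IDENTIFIER`), the provider value `kmip` and the sample data are assumptions made for illustration.

```javascript
// Added example. Key names and the 'kmip' provider value are assumptions,
// not taken from the ODF console source.
const REQUIRED_FOR_PV_ENCRYPTION = new Map([
  ['kmip', ['KMIP_ENDPOINT', 'KMIP_SECRET_NAME', 'UNIQUE_IDENTIFIER']],
]);

// Parse one configmap value; return null instead of throwing on bad input.
function parseConnection(raw) {
  try {
    const obj = JSON.parse(raw);
    return obj && typeof obj === 'object' && !Array.isArray(obj) ? obj : null;
  } catch {
    return null;
  }
}

// List the connections of one provider that are complete enough for PV
// encryption, and record why the others are hidden.
function listUsableConnections(configMapData, provider) {
  const required = REQUIRED_FOR_PV_ENCRYPTION.get(provider) || [];
  const usable = [];
  const rejected = [];
  for (const [name, raw] of Object.entries(configMapData || {})) {
    const conn = parseConnection(raw);
    if (!conn) { rejected.push({ name, reason: 'invalid JSON' }); continue; }
    if (conn.KMS_PROVIDER !== provider) continue; // belongs to another provider
    const missing = required.filter(
      (k) => typeof conn[k] !== 'string' || conn[k].trim() === '');
    if (missing.length > 0) {
      rejected.push({ name, reason: `missing ${missing.join(', ')}` });
    } else {
      usable.push(name);
    }
  }
  return { usable, rejected };
}

// Constructed sample data: the first entry mimics a connection created for
// clusterwide encryption, which carries no unique identifier.
const base = { KMS_PROVIDER: 'kmip', KMIP_ENDPOINT: 'kmip.example.test:5696',
  KMIP_SECRET_NAME: 'placeholder-secret' };
const sampleData = {
  'thales-clusterwide': JSON.stringify(base),
  'thales-pv': JSON.stringify({ ...base, UNIQUE_IDENTIFIER: 'placeholder-key-id' }),
  'truncated-entry': '{"KMS_PROVIDER": "kmip"',
};

console.log(listUsableConnections(sampleData, 'kmip'));
```

Logging the rejected entries with their reason, rather than dropping them silently, makes it clear to an administrator why a connection created at deployment time does not appear in the storageclass form.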