Bug 1304635 - [platformmanagement_public_544]Could not create reencrypt successfully via oc create route reencrypt
[platformmanagement_public_544]Could not create reencrypt successfully via oc...
Status: CLOSED CURRENTRELEASE
Product: OpenShift Origin
Classification: Red Hat
Component: Command Line Interface (Show other bugs)
3.x
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Michail Kargakis
Wei Sun
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-04 04:08 EST by Wei Sun
Modified: 2016-05-12 13:11 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-12 13:11:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Wei Sun 2016-02-04 04:08:32 EST
Description of problem:
Create a reencrypt route usig `oc create route reencrypt ` command,if I add --dest-ca-cert ,then I will get  "Details: edge termination does not support destination certificates" .


Version-Release number of selected component (if applicable):
devenv-rhel7_3325
# oc version
oc v1.1.1-400-g76ea550
kubernetes v1.2.0-alpha.4-851-g4a65fa1

How reproducible:
Always

Steps to Reproduce:
1.Create the pod, service
# oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/nginx-pod.json
# oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/reencrypt/service_secure.json

2.Create reencrypt route
# oc create route reencrypt my-route1 --dest-ca-cert=example2.cert --service=hello-nginx --hostname=www.example2.com --key=example2.key --cert=example2.pem  
3.

Actual results:
2.# oc create route reencrypt my-route1 --dest-ca-cert=example2.cert  --service=hello-nginx --hostname=www.example2.com --key=example2.key --cert=example2.pem 
The Route "my-route1" is invalid.
tls.destinationCACertificate: invalid value '-----BEGIN CERTIFICATE-----
MIIDJzCCAg+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl
ZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3
dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu
Y29tMB4XDTE2MDExMzE5NDEwNloXDTI2MDExMDE5NDEwNlowgYAxGTAXBgNVBAMT
EHd3dy5leGFtcGxlMi5jb20xCzAJBgNVBAgTAlNDMQswCQYDVQQGEwJVUzEjMCEG
CSqGSIb3DQEJARYUZXhhbXBsZTJAZXhhbXBsZS5jb20xETAPBgNVBAoTCEV4YW1w
bGUyMREwDwYDVQQLEwhFeGFtcGxlMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAyNZ2LYb4rx9JPDSL2HV+Jn5x5dsxJXpOTsMnXCDt3thcU1XkdraJyameRGAN
eyQwMDmw9QIz7VQ8keYD8oj86pXxAlJAcAAlOJk7QVQPCI96rfCFh7mIJvSkZDp3
qLXPa+Eh6A6BdDnH+k66NaKPA2r9CmlFOjQRegX7OoCT0DMCAwEAAaMNMAswCQYD
VR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAjZyGYv/Z/L34dI/QNZnj+giEi01+
zaNxVMGvg0MR0+Y+neTtoXD422rVoIM5OmwxdwtrtUxgjrNKeSCGFytnHbn/sgob
L9pF5SbkS8nnbhahj1FEjjjIzRCng/TPp2pHlU13ccpHblffGrawyLzayBzQYFLB
SdGBb8Brj3/XvjGuwx889Pxk0du00gl94b3Q8LQ+veHpwTA5KmvT2OrKZr3zv3zY
o/WkbxE76DTRnXNHDD30BxhW5EMP9lpJKfOQjXd244S4ZxQ1sD/ecVQYt3I7TJfM
BlKIfRJfzFLrI4wD/3Xz4ZA596KAbNt6Eb3liRRM+qh5cNab88640SKFAg==
-----END CERTIFICATE-----
', Details: edge termination does not support destination certificates

Expected results:
Could create reencrypt route successfully

Additional info:
If I don't add --dest-ca-cert just use `oc create route reencrypt my-route --service=hello-nginx --hostname=www.example2.com --key=example2.key --cert=example2.pem` , then after creating the route,the route TLS is shown "edge"
Comment 1 openshift-github-bot 2016-02-04 12:51:44 EST
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/a38817a1ebeb85f7fdf21afa33e6c4e5d60c27e4
Bug 1304635: fix termination type for oc create route reencrypt
Comment 2 Wei Sun 2016-02-05 00:11:37 EST
The bug was fixed in devenv-rhel7_3335.After the bug is moved to ON_QA,I'll verify it.

Result:
 
# oc create route reencrypt my-route-path --dest-ca-cert=reencrypt.cert --service=hello-nginx --hostname=www.example2.com --key=reencrypt.key --cert=reencrypt.pem --path=/test
route "my-route-path" created

# oc create route reencrypt my-route-no-path --dest-ca-cert=reencrypt.cert --service=hello-nginx --hostname=www.example2.com --key=reencrypt.key --cert=reencrypt.pem 
route "my-route-no-path" created

# oc get route
NAME               HOST/PORT          PATH      SERVICE       LABELS    INSECURE POLICY   TLS TERMINATION
my-route-no-path   www.example2.com             hello-nginx                               reencrypt
my-route-path      www.example2.com   /test     hello-nginx                               reencrypt
Comment 3 Xingxing Xia 2016-02-13 22:24:00 EST
Verified against devenv-rhel7_3421.
The test results are:
For step 2: result is as shown in comment 2.
For "Additional info": If don't add --dest-ca-cert for `oc create route reencrypt`, then the command will fail with message "tls.destinationCACertificate: Required value"

The bug is fixed, so move to VERIFIED

Note You need to log in before you can comment on or make changes to this bug.