Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1312444

Summary: Impossible to pass multiline parameters to templates
Product: OpenShift Container Platform Reporter: Evgheni Dereveanchin <ederevea>
Component: Management ConsoleAssignee: Jessica Forrester <jforrest>
Status: CLOSED ERRATA QA Contact: Yadan Pei <yapei>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.1.0CC: aos-bugs, jforrest, jokerman, mmccomas, ssydoren, yanpzhan
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-18 12:39:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Evgheni Dereveanchin 2016-02-26 17:21:39 UTC 
Description of problem:
Parameters are used to customize templates during deployment, and sometimes it's required to provide multiline values as parameters (for example certicate info in PEM format). Currently it is not possible as newlines will be removed/escape by the HTML form

Version-Release number of selected component (if applicable):
3.1.1

How reproducible:
Always

Steps to Reproduce:
1. create a template or edit the default one
2. in the route section set edge TLS termination with parametrized certificates
  tls:
    termination: edge
    caCertificate: ${CACERT}
    certificate: ${SRVCERT}
    key: ${SRVKEY}

3. in the parameters section describe the new parameters
- description: CA certificate
  name: CACERT
- description: server certificate
  name: SRVCERT
- description: private key
  name: SRVKEY
4. save the template, go to the web interface and add PEM certificates/keys (generate test ones on selfsignedcertificate.com for example)
5. open the console and check out the generated route

Actual results:
newlines are removed, certificates are garbled, HAproxy cannot parse the resulting PEM file

Expected results:
newlines are preserved

Additional info:
Route documentation confirms that certificates are stored as multiline values:
https://access.redhat.com/documentation/en/openshift-enterprise/3.1/architecture/chapter-3-core-concepts#edge-termination
This limitation makes it impossible to add certificates by other means than the console.
Comment 1 Evgheni Dereveanchin 2016-02-26 17:38:15 UTC 
In order not to pollute #0 I moved examples into a separate comment.

Here's a sample self-signed cert I generated:

-----BEGIN CERTIFICATE-----
MIIC+TCCAeGgAwIBAgIJAPsRUdQKoZ5/MA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
BAMMCGRlbW8ubGFuMB4XDTE2MDIyNjA5MDkyMloXDTI2MDIyMzA5MDkyMlowEzER
MA8GA1UEAwwIZGVtby5sYW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDPUPzbZ2oHzuPKYEyzJnMj+peUDDvVhe/2a/Lq5eYADxZ8hJxREWa5Q8tKmyqh
XcPWhk0aRiKHk4EPCs5pmwBStXFZfz0MoOJy5wx96rfJetI34om6ei38wU57WsZY
uLJAi7Iz4eo0oytLqWiv/epLFNabFqWBG2UpGlL58YT7JdPQbToll44p4elNR2LY
StP0d8Yu/k0SnMUlaAwTTgnX3c4ExtZ0zIXPXn3A1nSiUZKqHYTfGisNy7GbHTQC
XLYWghfgizL2TxIyX2UlhQkj8sDv/4pMJWxIK0Ut7OhBU7MiLbKlrNxPefQyImCz
I8kG5IcJGA9eN0xiDZjBNupxAgMBAAGjUDBOMB0GA1UdDgQWBBSpOZ0SkLLJQmc/
yq3nQBH5siWoezAfBgNVHSMEGDAWgBSpOZ0SkLLJQmc/yq3nQBH5siWoezAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQDKehvgs7J0fHypvfXPz+5iY3bJ
ZMMq5jgF+EeMoDP9vC2UKS9akcJEGMIsnkXQdob8TeTtCa7uIkVShnTNvh5Hqp+G
17K9dCInr9z6+Nax7cWiR0oH1T0G2G7WPPaPsp8utVitc4EmlPVKZoNcM3z9iyY7
ioy72viuL2VkBiWSIqwZQ+rnjTb4APGnPSe2bFsABg5fUyIrMdqSXGS3WyQq8CVQ
phgOWwJTlcShygkaI52wD8Lo7puTFgPPUcdlO7o8ypODBQM81FizBvrG/B0zhYtr
X+wbxXaG/BZqKfklaAiNN6669L0VxIUylOk81xdEJVYibZInXtpBZijPSdV3
-----END CERTIFICATE-----

I put it as is into the web form. In the resulting route I see this:

  tls:
    caCertificate: '-----BEGIN CERTIFICATE----- MIIC+TCCAeGgAwIBAgIJAPsRUdQKoZ5/MA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
      BAMMCGRlbW8ubGFuMB4XDTE2MDIyNjA5MDkyMloXDTI2MDIyMzA5MDkyMlowEzER MA8GA1UEAwwIZGVtby5sYW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
      AQDPUPzbZ2oHzuPKYEyzJnMj+peUDDvVhe/2a/Lq5eYADxZ8hJxREWa5Q8tKmyqh XcPWhk0aRiKHk4EPCs5pmwBStXFZfz0MoOJy5wx96rfJetI34om6ei38wU57WsZY
      uLJAi7Iz4eo0oytLqWiv/epLFNabFqWBG2UpGlL58YT7JdPQbToll44p4elNR2LY StP0d8Yu/k0SnMUlaAwTTgnX3c4ExtZ0zIXPXn3A1nSiUZKqHYTfGisNy7GbHTQC
      XLYWghfgizL2TxIyX2UlhQkj8sDv/4pMJWxIK0Ut7OhBU7MiLbKlrNxPefQyImCz I8kG5IcJGA9eN0xiDZjBNupxAgMBAAGjUDBOMB0GA1UdDgQWBBSpOZ0SkLLJQmc/
      yq3nQBH5siWoezAfBgNVHSMEGDAWgBSpOZ0SkLLJQmc/yq3nQBH5siWoezAMBgNV HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQDKehvgs7J0fHypvfXPz+5iY3bJ
      ZMMq5jgF+EeMoDP9vC2UKS9akcJEGMIsnkXQdob8TeTtCa7uIkVShnTNvh5Hqp+G 17K9dCInr9z6+Nax7cWiR0oH1T0G2G7WPPaPsp8utVitc4EmlPVKZoNcM3z9iyY7
      ioy72viuL2VkBiWSIqwZQ+rnjTb4APGnPSe2bFsABg5fUyIrMdqSXGS3WyQq8CVQ phgOWwJTlcShygkaI52wD8Lo7puTFgPPUcdlO7o8ypODBQM81FizBvrG/B0zhYtr
      X+wbxXaG/BZqKfklaAiNN'

Some newlines are removed and the value is truncated to 1024 bytes.

I tried to replace newlines with "\n" but that is rejected by the WebUI:

Cannot create route. Route "jenkins" is invalid: tls.certificate: invalid value '-----BEGIN CERTIFICATE-----\\nMIIC+TCCAeG.....', Details: double escaped new lines (\\n) are invalid.

Double and triple escapes also fail. When removing all newlines this content seizes to be a PEM formatted file so it can't be used for routes. In any case it is truncated to 1024 characters which makes the certificate corrupted (the above cert is 1089 bytes long and private keys are typically even longer).
Comment 4 Jessica Forrester 2016-10-26 18:46:05 UTC 
We have updated the console to allow the user to flip an input field into a multi-line editing mode (expand/collapse icons)  See https://github.com/openshift/origin-web-console/pull/739

This should at least unblock people that want to use certs in parameters from the web console.

In the future we hope to have special designations on parameters that say whether a parameter should be displayed as a multiline input so the user won't have to do this manually.
Comment 5 Troy Dawson 2016-10-28 19:49:55 UTC 
This has been merged into ose and is in OSE v3.4.0.17 or newer.
Comment 7 Yanping Zhang 2016-10-31 09:24:44 UTC 
Checked on OCP v3.4.0.17, now when create on web console, all input boxes for the parameters can be expanded and collapsed. Try to set route cert by passing parameter, the cert can be imported correctly.
The bug is fixed, so move it to Verified.
Comment 9 errata-xmlrpc 2017-01-18 12:39:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066
Comment 10 Sviatoslav Sydorenko 2023-11-08 18:58:44 UTC 
The problem ended up being reintroduced in OpenShift 4. I filed an issue on GitHub: https://github.com/openshift/console/issues/13317.
Comment 11 Sviatoslav Sydorenko 2023-11-08 19:02:51 UTC 
Also filed https://issues.redhat.com/browse/OCPBUGS-23080.