Bug 1367246 – [networking_public_244] Egressnetworkpolicy could edit to an invalid value by oc edit

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1367246 - [networking_public_244] Egressnetworkpolicy could edit to an invalid value by oc edit

Summary:	[networking_public_244] Egressnetworkpolicy could edit to an invalid value by...

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking (Show other bugs)
Sub Component:
Version:	3.3.0
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Dan Winship
QA Contact:	Meng Bo
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2016-08-15 23:18 EDT by Yan Du
Modified:	2017-03-08 13 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:	undefined
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-09-27 05:44:18 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Github	openshift/origin/pull/10466	None	None	None	2016-08-16 16:12 EDT
Red Hat Product Errata	RHBA-2016:1933	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.3 Release Advisory	2016-09-27 09:24:36 EDT

Groups: None (edit)

Description Yan Du 2016-08-15 23:18:26 EDT

Version-Release number of selected component (if applicable):
openshift v3.3.0.19
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git


How reproducible:
Always


Steps to Reproduce:
1. Create an egressnetworkpolicy with correct CIDRSelector
# oc get egressnetworkpolicy -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: EgressNetworkPolicy
  metadata:
    creationTimestamp: 2016-08-16T03:07:11Z
    name: default
    namespace: xiaocwan-t
    resourceVersion: "35332"
    selfLink: /oapi/v1/namespaces/xiaocwan-t/egressnetworkpolicies/default
    uid: 86802cb7-635e-11e6-8bce-0efe35a55201
  spec:
    egress:
    - to:
        cidrSelector: 10.66.140.0/24
      type: Allow
    - to:
        cidrSelector: 10.0.0.0/8
      type: Deny
kind: List
metadata: {}

2. Edit CIDRSelector to invalid value by oc edit, eg: a.b.c.d/16
# oc edit egressnetworkpolicy default
egressnetworkpolicy "default" edited

3. Check the egressnetworkpolicy again



Actual results:
2.  Could edit successfully without any warning message
# oc edit egressnetworkpolicy default
egressnetworkpolicy "default" edited

3. # oc get egressnetworkpolicy -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: EgressNetworkPolicy
  metadata:
    creationTimestamp: 2016-08-16T03:07:11Z
    name: default
    namespace: xiaocwan-t
    resourceVersion: "35403"
    selfLink: /oapi/v1/namespaces/xiaocwan-t/egressnetworkpolicies/default
    uid: 86802cb7-635e-11e6-8bce-0efe35a55201
  spec:
    egress:
    - to:
        cidrSelector: a.b.c.d/16
      type: Allow
    - to:
        cidrSelector: 10.0.0.0/8
      type: Deny
kind: List
metadata: {}


Expected results:
2. User could get some warning message when edit cidrSelector to invalid value


Additional info:
When we create egressnetworkpolicy with invalid value, we could get such warning:
# oc create -f e.json 
The EgressNetworkPolicy "default" is invalid.
spec.egress[1].to: Invalid value: "a.b.c.d/32": invalid CIDR address: a.b.c.d/32

Comment 1 Dan Winship 2016-08-16 16:12:40 EDT

FYI note that this was true of ClusterNetwork, HostSubnet, and NetNamespace as well. (All fixed in the linked PR.)

Comment 2 Dan Winship 2016-08-18 08:42:10 EDT

fixed in git

Comment 3 Yan Du 2016-08-19 05:24:17 EDT

Test on latest origin env, bug have been fixed. We could get the error message "# * spec.egress[1].to: Invalid value: "sd.d.d.a/24": invalid CIDR address: sd.d.d.a/24 when set CIDR to invalid value.

oc v1.3.0-alpha.3+bca49e5
kubernetes v1.3.0+507d3a7

Comment 4 Troy Dawson 2016-08-19 17:15:25 EDT

This has been merged into ose and is in OSE v3.3.0.23 or newer.

Comment 6 Yan Du 2016-08-21 23:06:31 EDT

Test on OSE and bug have been fixed. 
oc v3.3.0.23-dirty
kubernetes v1.3.0+507d3a7

Comment 8 errata-xmlrpc 2016-09-27 05:44:18 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1933

Note You need to log in before you can comment on or make changes to this bug.