Bug 1367246 - [networking_public_244] Egressnetworkpolicy could edit to an invalid value by oc edit
Summary: [networking_public_244] Egressnetworkpolicy could edit to an invalid value by...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Dan Winship
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-16 03:18 UTC by Yan Du
Modified: 2017-03-08 18:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of:
Environment:
Last Closed: 2016-09-27 09:44:18 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1933 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.3 Release Advisory 2016-09-27 13:24:36 UTC
Github openshift origin pull 10466 None None None 2016-08-16 20:12:40 UTC

Description Yan Du 2016-08-16 03:18:26 UTC
Version-Release number of selected component (if applicable):
openshift v3.3.0.19
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git


How reproducible:
Always


Steps to Reproduce:
1. Create an egressnetworkpolicy with correct CIDRSelector
# oc get egressnetworkpolicy -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: EgressNetworkPolicy
  metadata:
    creationTimestamp: 2016-08-16T03:07:11Z
    name: default
    namespace: xiaocwan-t
    resourceVersion: "35332"
    selfLink: /oapi/v1/namespaces/xiaocwan-t/egressnetworkpolicies/default
    uid: 86802cb7-635e-11e6-8bce-0efe35a55201
  spec:
    egress:
    - to:
        cidrSelector: 10.66.140.0/24
      type: Allow
    - to:
        cidrSelector: 10.0.0.0/8
      type: Deny
kind: List
metadata: {}

2. Edit CIDRSelector to invalid value by oc edit, eg: a.b.c.d/16
# oc edit egressnetworkpolicy default
egressnetworkpolicy "default" edited

3. Check the egressnetworkpolicy again



Actual results:
2.  Could edit successfully without any warning message
# oc edit egressnetworkpolicy default
egressnetworkpolicy "default" edited

3. # oc get egressnetworkpolicy -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: EgressNetworkPolicy
  metadata:
    creationTimestamp: 2016-08-16T03:07:11Z
    name: default
    namespace: xiaocwan-t
    resourceVersion: "35403"
    selfLink: /oapi/v1/namespaces/xiaocwan-t/egressnetworkpolicies/default
    uid: 86802cb7-635e-11e6-8bce-0efe35a55201
  spec:
    egress:
    - to:
        cidrSelector: a.b.c.d/16
      type: Allow
    - to:
        cidrSelector: 10.0.0.0/8
      type: Deny
kind: List
metadata: {}


Expected results:
2. User could get some warning message when edit cidrSelector to invalid value


Additional info:
When we create egressnetworkpolicy with invalid value, we could get such warning:
# oc create -f e.json 
The EgressNetworkPolicy "default" is invalid.
spec.egress[1].to: Invalid value: "a.b.c.d/32": invalid CIDR address: a.b.c.d/32

Comment 1 Dan Winship 2016-08-16 20:12:40 UTC
FYI note that this was true of ClusterNetwork, HostSubnet, and NetNamespace as well. (All fixed in the linked PR.)

Comment 2 Dan Winship 2016-08-18 12:42:10 UTC
fixed in git

Comment 3 Yan Du 2016-08-19 09:24:17 UTC
Test on latest origin env, bug have been fixed. We could get the error message "# * spec.egress[1].to: Invalid value: "sd.d.d.a/24": invalid CIDR address: sd.d.d.a/24 when set CIDR to invalid value.

oc v1.3.0-alpha.3+bca49e5
kubernetes v1.3.0+507d3a7

Comment 4 Troy Dawson 2016-08-19 21:15:25 UTC
This has been merged into ose and is in OSE v3.3.0.23 or newer.

Comment 6 Yan Du 2016-08-22 03:06:31 UTC
Test on OSE and bug have been fixed. 
oc v3.3.0.23-dirty
kubernetes v1.3.0+507d3a7

Comment 8 errata-xmlrpc 2016-09-27 09:44:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1933


Note You need to log in before you can comment on or make changes to this bug.