Bug 1380837 - ClusterResourceQuota annotation selector encounters errors matching special characters
Summary: ClusterResourceQuota annotation selector encounters errors matching special c...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Master
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Jordan Liggitt
QA Contact: weiwei jiang
URL:
Whiteboard:
Depends On: 1376052
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-30 17:31 UTC by Scott Dodson
Modified: 2017-03-08 18:26 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: ClusterResourceQuota annotation selectors containing special characters caused parse errors when being used to select namespaces. Consequence: Namespaces that should have the cluster resource quota applied to them were not restricted by the cluster resource quota Fix: Handle special characters correctly Result: The specified namespaces have cluster resource quota correctly applied.
Clone Of: 1376052
Environment:
Last Closed: 2016-10-04 12:44:06 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1988 0 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.3.0.34 bug fix update 2016-10-04 16:43:31 UTC

Description Scott Dodson 2016-09-30 17:31:15 UTC 
+++ This bug was initially created as a clone of Bug #1376052 +++

cloned from https://github.com/openshift/origin/issues/10877 for QE

Description of problem:

ClusterResourceQuota annotation selector encounters errors if the keys or values contain characters that do not validate as label keys or values


Version-Release number of selected component (if applicable):


How reproducible:

Always

Steps to Reproduce:
1. Create a clusterresourcequota object with an annotations selector like this:
   "annotations":{"special key 1": "special value", "email":"user"}

2. Create a project, and annotate it with matching annotations

3. Observe errors in the server log, the clusterresourcequota status does not indicate the namespace was matched, and no clusterresourcequota is enforced in the project.


Additional info:

--- Additional comment from Jordan Liggitt on 2016-09-14 10:23:01 EDT ---

fixed in https://github.com/openshift/origin/pull/10896

--- Additional comment from Qixuan Wang on 2016-09-18 05:27:30 EDT ---

Tested on OCP3.3(openshift v3.3.0.31, kubernetes v1.3.0+52492b4, etcd 2.3.0+git)

There are some questions associated with testing:

1. Is there a separated bug for CLI fix https://github.com/openshift/origin/pull/10912 ?

2. Should ClusterResourceQuota label selector support keys/values contain characters like this bug fixed? For example:
spec.selector.labels.matchLabels: Invalid value: "qwang": must match the regex (([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])? (e.g. 'MyValue' or 'my_value' or '12345')

3. If lable selector supports special characters, should command "oc label namespace/project" support these?

Here is Server-side test result:

[root@dhcp-141-95 qwang]# cat bugs.yaml 
{
    "kind": "ClusterResourceQuota",
    "apiVersion": "v1",
    "metadata": {
        "name": "crq-test-6"
    },
    "spec": {
        "quota": {
            "hard": {
                "pods": "10",
                "secrets": "12"
            }
        },
        "selector": {
            "labels": {
                "matchLabels": {
                    "user": "qe"
                }
            },
            "annotations": {
                "openshift.io/requester": "qwang"
            }
        }
    }
}

[root@dhcp-141-95 qwang]# oc create -f bug.yaml 
clusterresourcequota "crq-test-6" created

[root@dhcp-141-95 qwang]# oc describe clusterresourcequotas crq-test-6
Name:		crq-test-6
Namespace:	<none>
Created:	8 seconds ago
Labels:		<none>
Annotations:	<none>
Label Selector: user=qe
AnnotationSelector: map[openshift.io/requester:qwang]
Resource	Used	Hard
--------	----	----

--- Additional comment from Jordan Liggitt on 2016-09-18 07:59:46 EDT ---

1. There should be a separate bug. Fabiano, can you open one?

2. No, label selectors are working correctly now. They do not include special characters

3. No, only annotations support special characters like that

--- Additional comment from Fabiano Franz on 2016-09-21 17:58:24 EDT ---

Separate bug for the CLI part: https://bugzilla.redhat.com/show_bug.cgi?id=1378243

--- Additional comment from DeShuai Ma on 2016-09-22 08:21:39 EDT ---

Test on openshift v1.4.0-alpha.0+aa08313, verify this bug.

Steps:
1. Create a clusterresourcequota with special annotations
[root@ip-172-18-5-251 ~]# oc create clusterresourcequota limit-bob --project-annotation-selector=openshift.io/requester=usertest --hard=pods=10
clusterresourcequota "limit-bob" created

2. Create a project match annotations
[root@ip-172-18-5-251 ~]# oadm new-project dma
Created project dma
[root@ip-172-18-5-251 ~]# oc annotate namespaces/dma openshift.io/requester=usertest

3. Check the clusterresourcequota status
oc get clusterresourcequota limit-bob -o json
{
    "kind": "ClusterResourceQuota",
    "apiVersion": "v1",
    "metadata": {
        "name": "limit-bob",
        "selfLink": "/oapi/v1/clusterresourcequotas/limit-bob",
        "uid": "c3086a15-80bb-11e6-93d0-0e6e19152557",
        "resourceVersion": "2067",
        "creationTimestamp": "2016-09-22T11:57:40Z"
    },
    "spec": {
        "selector": {
            "labels": null,
            "annotations": {
                "openshift.io/requester": "usertest"
            }
        },
        "quota": {
            "hard": {
                "pods": "10"
            }
        }
    },
    "status": {
        "total": {
            "hard": {
                "pods": "10"
            },
            "used": {
                "pods": "0"
            }
        },
        "namespaces": [
            {
                "namespace": "dma",
                "status": {
                    "hard": {
                        "pods": "10"
                    },
                    "used": {
                        "pods": "0"
                    }
                }
            }
        ]
    }
}

4. Create a pod in project and confirm clusterresourcequota is consumed by project
[root@ip-172-18-5-251 ~]# oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/hello-openshift/hello-pod.json -n dma
pod "hello-openshift" created
[root@ip-172-18-5-251 ~]# oc describe clusterresourcequotas limit-bob
Name:		limit-bob
Namespace:	<none>
Created:	14 minutes ago
Labels:		<none>
Annotations:	<none>
Label Selector: <null>
AnnotationSelector: map[openshift.io/requester:usertest]
Resource	Used	Hard
--------	----	----
pods		1	10
Comment 4 errata-xmlrpc 2016-10-04 12:44:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1988
Note You need to log in before you can comment on or make changes to this bug.