Bug 1500934 - When broker is deployed to a namespace other than ansible-service-broker, secret lookup fails
Summary: When broker is deployed to a namespace other than ansible-service-broker, sec...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.7.0
Assignee: Erik Nelson
QA Contact: Zhang Cheng
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-11 19:07 UTC by Fabian von Feilitzsch
Modified: 2018-04-05 09:30 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of:
Environment:
Last Closed: 2018-04-05 09:29:37 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0636 0 None None None 2018-04-05 09:30:13 UTC

Description Fabian von Feilitzsch 2017-10-11 19:07:18 UTC
Description of problem:
The secret lookup is hardcoded to the ansible-service-broker namespace. It needs to be dynamically loaded so that the broker can be deployed to arbitrary namespaces

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 3 Zhang Cheng 2017-10-17 08:36:03 UTC
Which method of deploy asb? By template or by ansible installer?
Could you provide a reproduce steps? Thanks.

Comment 4 Zhang Cheng 2017-10-20 09:14:50 UTC
Fabian, Could you provide a reproduce steps? Thanks.

Comment 5 Zhang Cheng 2017-10-24 02:20:48 UTC
John, this card lack enough info to verify for QE, could you help confirm and provide? Thanks.

Comment 6 Fabian von Feilitzsch 2017-10-27 17:24:30 UTC
To test:

1. Install and deploy the broker to a namespace other than ansible-service-broker, for example openshift-ansible-service-broker (which is where the openshift-ansible installer would put it)
2. Create a secret named testsecret containing 
    postgresql_user: test
    postgresql_password: testpass
3. Add a secrets section to the broker config containing:
      secrets:
      - apb_name: dh-rhscl-postgresql-apb
        secret: test
        title: test
   (if you aren't pulling the apbs from dockerhub you may need to change the apb_name to match what is in y our broker)
4. Attempt to deploy the rhscl-postgresql-apb

If the deployment doesn't fail with an error saying that the secret wasn't found in the ansible-service-broker namespace then it worked

Comment 7 Zhang Cheng 2017-10-30 09:20:12 UTC
I will verify after BZ https://bugzilla.redhat.com/show_bug.cgi?id=1496426 is merged.

Comment 8 Zhang Cheng 2017-11-02 10:27:05 UTC
Verified and passed. Testing base on steps in comment6 with latest image v3.7.0-0.189.0.0

Comment 12 errata-xmlrpc 2018-04-05 09:29:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0636


Note You need to log in before you can comment on or make changes to this bug.