Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1529467 - Should prevent user from adding configmap/secret data as env when configmap/secret has invalid format key
Should prevent user from adding configmap/secret data as env when configmap/s...
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console (Show other bugs)
3.9.0
Unspecified Unspecified
medium Severity low
: ---
: 3.9.0
Assigned To: Jakub Hadvig
Yadan Pei
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-28 03:58 EST by Yadan Pei
Modified: 2018-03-28 10:17 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Adding a config-map with invalid key name to a DC, in the deploymnet's environment tab. Consequence: The invalid config key wont be added after saving. Fix: Warn user that only valid key from the picked config-map will be added to the DC after saving. Result: User is aware of the fact that only valid keys of the picekd config-map will be added to the DC
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-03-28 10:17:25 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0489 None None None 2018-03-28 10:17 EDT

  None (edit)
Description Yadan Pei 2017-12-28 03:58:31 EST
Description of problem:
Prevent user from adding value from configmap/secret as env if all configmap/secret keys are in invalid format

Version-Release number of selected component (if applicable):
v3.9.0-0.9.0

How reproducible:
Always

Steps to Reproduce:
1.Create DC
$ oc run myrundc --image=aosqe/hello-openshift
2.Create ConfigMap with dot(.) in key name
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/configmap/configmap.json
3.Go to DC page -> Environment -> Click "Add ALL Values from Config Map or Secret" to define all of the ConfigMap’s data as DC's pod environment variables
4.Select special-config from dropdown list as env Source, you will see an warning message 
"Some of the keys for config map special-config are not valid environment variable names and will not be added"
Click "View Details" we could see all keys are in invalid format of env names
5.Click Save button
6.Check environment variables in pod container
$ oc rsh pods myrundc-2-r86z6 
/ $ env
...
special.how=very
special.type=charm
...

Actual results:
5-6. Although the warning message shows the env will not be added, clicking "Save" env vars will be added successfully


Expected results:
5-6 Only add valid key from configmap as env name, if all keys are in invalid format of env name, should disable "Save" button and prevent user from adding 


Additional info:
Comment 1 Jessica Forrester 2018-01-02 07:47:08 EST
We don't prevent the keys from being added client side, it happens at the point the env is set up for the pod on the kubelet. I hesitate to prevent them from adding the secret / config map, we generally err on the side of letting it happen but warning them.  In this case it could still be valid for them to inject the Secret / config map, then modify the secret / config map afterward to have valid content.  The way this feature works it will pull whatever the current state of the object is at the time the pod is created to determine what variables it can inject.

It might be worth updating the warning to be clear in this case that all of the keys are invalid environment variables.
Comment 2 Jakub Hadvig 2018-01-02 08:43:59 EST
+1 for updating the warning message and let know the user that some of the env vars are invalid. There could be a use case where user would want to add an invalid env var wiih intention, but change it later.
Will update the the message
Comment 3 Yadan Pei 2018-01-02 20:51:26 EST
Thanks all, update warning message also reasonable
Comment 4 Samuel Padgett 2018-01-15 15:34:10 EST
Message updated in

https://github.com/openshift/origin-web-console/pull/2617
Comment 5 Yadan Pei 2018-01-18 00:35:05 EST
Checked on v3.9.0-0.20.0

When configmap/secret data includes invalid key, use is not allowed to add them as environment variables, warning info shows 
"...contains keys that are not valid environment variable names. Only ... keys with valid names will be added as environment variables."

Please help move to ON_QA, then QE could verify
Comment 6 Yadan Pei 2018-01-18 00:46:57 EST
Sorry, missed one check in “Add to Application”  dialog


On ConfigMap/Secret page, when click "Add to Application" and select secret/configmap which has invalid key, the Save button is not disabled.
Comment 7 Yadan Pei 2018-01-18 01:01:43 EST
Really sorry for the mistake, I mixed with some other envs.


Here is the latest update, no behavior changes, only warning message updated
"...contains keys that are not valid environment variable names. Only ... keys with valid names will be added as environment variables" as discussed.
Comment 9 Yadan Pei 2018-01-23 02:21:02 EST
Checked on v3.9.0-0.22.0
Warning message changes to 

Secret/Config map <secret_name>/<configmap_name>  contains keys that are not valid environment variable names. Only secret/config map keys with valid names will be added as environment variables.

I think it's clear to user with warning info above, Move to VERIFIED
Comment 12 errata-xmlrpc 2018-03-28 10:17:25 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489

Note You need to log in before you can comment on or make changes to this bug.