Red Hat Bugzilla – Bug 1529467
Should prevent user from adding configmap/secret data as env when configmap/secret has invalid format key
Last modified: 2018-03-28 10:17:58 EDT
Description of problem:
Prevent user from adding value from configmap/secret as env if all configmap/secret keys are in invalid format
Version-Release number of selected component (if applicable):
Steps to Reproduce:
$ oc run myrundc --image=aosqe/hello-openshift
2.Create ConfigMap with dot(.) in key name
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/configmap/configmap.json
3.Go to DC page -> Environment -> Click "Add ALL Values from Config Map or Secret" to define all of the ConfigMap’s data as DC's pod environment variables
4.Select special-config from dropdown list as env Source, you will see an warning message
"Some of the keys for config map special-config are not valid environment variable names and will not be added"
Click "View Details" we could see all keys are in invalid format of env names
5.Click Save button
6.Check environment variables in pod container
$ oc rsh pods myrundc-2-r86z6
/ $ env
5-6. Although the warning message shows the env will not be added, clicking "Save" env vars will be added successfully
5-6 Only add valid key from configmap as env name, if all keys are in invalid format of env name, should disable "Save" button and prevent user from adding
We don't prevent the keys from being added client side, it happens at the point the env is set up for the pod on the kubelet. I hesitate to prevent them from adding the secret / config map, we generally err on the side of letting it happen but warning them. In this case it could still be valid for them to inject the Secret / config map, then modify the secret / config map afterward to have valid content. The way this feature works it will pull whatever the current state of the object is at the time the pod is created to determine what variables it can inject.
It might be worth updating the warning to be clear in this case that all of the keys are invalid environment variables.
+1 for updating the warning message and let know the user that some of the env vars are invalid. There could be a use case where user would want to add an invalid env var wiih intention, but change it later.
Will update the the message
Thanks all, update warning message also reasonable
Message updated in
Checked on v3.9.0-0.20.0
When configmap/secret data includes invalid key, use is not allowed to add them as environment variables, warning info shows
"...contains keys that are not valid environment variable names. Only ... keys with valid names will be added as environment variables."
Please help move to ON_QA, then QE could verify
Sorry, missed one check in “Add to Application” dialog
On ConfigMap/Secret page, when click "Add to Application" and select secret/configmap which has invalid key, the Save button is not disabled.
Really sorry for the mistake, I mixed with some other envs.
Here is the latest update, no behavior changes, only warning message updated
"...contains keys that are not valid environment variable names. Only ... keys with valid names will be added as environment variables" as discussed.
Checked on v3.9.0-0.22.0
Warning message changes to
Secret/Config map <secret_name>/<configmap_name> contains keys that are not valid environment variable names. Only secret/config map keys with valid names will be added as environment variables.
I think it's clear to user with warning info above, Move to VERIFIED
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.