Bug 1529467 - Should prevent user from adding configmap/secret data as env when configmap/secret has invalid format key
Summary: Should prevent user from adding configmap/secret data as env when configmap/s...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.9.0
Assignee: Jakub Hadvig
QA Contact: Yadan Pei
Depends On:
TreeView+ depends on / blocked
Reported: 2017-12-28 08:58 UTC by Yadan Pei
Modified: 2018-03-28 14:17 UTC (History)
6 users (show)

Adding a config-map with invalid key name to a DC, in the deploymnet's environment tab.

The invalid config key wont be added after saving. 

Warn user that only valid key from the picked config-map will be added to the DC after saving.

User is aware of the fact that only valid keys of the picekd config-map will be added to the DC
Clone Of:
Last Closed: 2018-03-28 14:17:25 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0489 None None None 2018-03-28 14:17 UTC

Description Yadan Pei 2017-12-28 08:58:31 UTC
Description of problem:
Prevent user from adding value from configmap/secret as env if all configmap/secret keys are in invalid format

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Create DC
$ oc run myrundc --image=aosqe/hello-openshift
2.Create ConfigMap with dot(.) in key name
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/configmap/configmap.json
3.Go to DC page -> Environment -> Click "Add ALL Values from Config Map or Secret" to define all of the ConfigMap’s data as DC's pod environment variables
4.Select special-config from dropdown list as env Source, you will see an warning message 
"Some of the keys for config map special-config are not valid environment variable names and will not be added"
Click "View Details" we could see all keys are in invalid format of env names
5.Click Save button
6.Check environment variables in pod container
$ oc rsh pods myrundc-2-r86z6 
/ $ env

Actual results:
5-6. Although the warning message shows the env will not be added, clicking "Save" env vars will be added successfully

Expected results:
5-6 Only add valid key from configmap as env name, if all keys are in invalid format of env name, should disable "Save" button and prevent user from adding 

Additional info:

Comment 1 Jessica Forrester 2018-01-02 12:47:08 UTC
We don't prevent the keys from being added client side, it happens at the point the env is set up for the pod on the kubelet. I hesitate to prevent them from adding the secret / config map, we generally err on the side of letting it happen but warning them.  In this case it could still be valid for them to inject the Secret / config map, then modify the secret / config map afterward to have valid content.  The way this feature works it will pull whatever the current state of the object is at the time the pod is created to determine what variables it can inject.

It might be worth updating the warning to be clear in this case that all of the keys are invalid environment variables.

Comment 2 Jakub Hadvig 2018-01-02 13:43:59 UTC
+1 for updating the warning message and let know the user that some of the env vars are invalid. There could be a use case where user would want to add an invalid env var wiih intention, but change it later.
Will update the the message

Comment 3 Yadan Pei 2018-01-03 01:51:26 UTC
Thanks all, update warning message also reasonable

Comment 4 Samuel Padgett 2018-01-15 20:34:10 UTC
Message updated in


Comment 5 Yadan Pei 2018-01-18 05:35:05 UTC
Checked on v3.9.0-0.20.0

When configmap/secret data includes invalid key, use is not allowed to add them as environment variables, warning info shows 
"...contains keys that are not valid environment variable names. Only ... keys with valid names will be added as environment variables."

Please help move to ON_QA, then QE could verify

Comment 6 Yadan Pei 2018-01-18 05:46:57 UTC
Sorry, missed one check in “Add to Application”  dialog

On ConfigMap/Secret page, when click "Add to Application" and select secret/configmap which has invalid key, the Save button is not disabled.

Comment 7 Yadan Pei 2018-01-18 06:01:43 UTC
Really sorry for the mistake, I mixed with some other envs.

Here is the latest update, no behavior changes, only warning message updated
"...contains keys that are not valid environment variable names. Only ... keys with valid names will be added as environment variables" as discussed.

Comment 9 Yadan Pei 2018-01-23 07:21:02 UTC
Checked on v3.9.0-0.22.0
Warning message changes to 

Secret/Config map <secret_name>/<configmap_name>  contains keys that are not valid environment variable names. Only secret/config map keys with valid names will be added as environment variables.

I think it's clear to user with warning info above, Move to VERIFIED

Comment 12 errata-xmlrpc 2018-03-28 14:17:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.