1581106 – Add label for secret created in openshift-ansible-service-broker namespace when binding

Bug 1581106 - Add label for secret created in openshift-ansible-service-broker namespace when binding

Summary: Add label for secret created in openshift-ansible-service-broker namespace wh...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Service Broker
Sub Component:
Version:	3.10.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.11.0
Assignee:	Erik Nelson
QA Contact:	Zihan Tang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-05-22 07:40 UTC by Zihan Tang
Modified:	2018-10-11 07:20 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:	undefined
Clone Of:
Environment:
Last Closed:	2018-10-11 07:20:00 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:2652	0	None	None	None	2018-10-11 07:20:21 UTC

Description Zihan Tang 2018-05-22 07:40:14 UTC

Description of problem:
when create binding, will create a secret in openshift-ansible-service-broker namespace , the secret is better to add a 'apbAction=bind' label as the provision secret.

# oc get secret --show-labels
NAME                                   TYPE                                  DATA      AGE       LABELS
37c6c876-5d90-11e8-8814-0a580a800004   Opaque                                1         48s       apbAction=provision,apbName=dh-mariadb-apb
547fb66e-5d90-11e8-8814-0a580a800004   Opaque                                1         8s        <none>


Version-Release number of selected component (if applicable):
asb 1.2.12

How reproducible:
always

Steps to Reproduce:
1. provision a apb and create a binding 
2. check the secret 
3.

Actual results:
no label for the binding secret .
# oc get secret --show-labels
NAME                                   TYPE                                  DATA      AGE       LABELS
37c6c876-5d90-11e8-8814-0a580a800004   Opaque                                1         48s       apbAction=provision,apbName=dh-mariadb-apb
547fb66e-5d90-11e8-8814-0a580a800004   Opaque                                1         8s        <none>

oc get secret 547fb66e-5d90-11e8-8814-0a580a800004 -o yaml
apiVersion: v1
data:
  credentials: eyJEQl9IT1NUIjoicmhzY2wtbWFyaWFkYiIsIkRCX05BTUUiOiJhZG1pbiIsIkRCX1BBU1NXT1JEIjoiZGRkZCIsIkRCX1BPUlQiOiIzMzA2IiwiREJfVFlQRSI6Im15c3FsIiwiREJfVVNFUiI6ImFkbWluIn0=
kind: Secret
metadata:
  creationTimestamp: 2018-05-22T07:18:31Z
  name: 547fb66e-5d90-11e8-8814-0a580a800004
  namespace: openshift-ansible-service-broker
  resourceVersion: "41767"
  selfLink: /api/v1/namespaces/openshift-ansible-service-broker/secrets/547fb66e-5d90-11e8-8814-0a580a800004
  uid: 54ba420e-5d90-11e8-9843-0e0ea6ba27fc
type: Opaque


Expected results:
add label 
  apbAction=bind,apbName=dh-mariadb-apb

Additional info:

Comment 1 Erik Nelson 2018-08-02 13:32:25 UTC

https://github.com/automationbroker/bundle-lib/pull/157

A fix for this was actually committed to bundle-lib master a few days before this bz was filed. I noticed an inconsistency with these labels between actions, seeing 'apb{Action,Name}' and 'bundle{Action,Name}' both used. The bundle variant is more correct, so I have applied consistent labels across actions with the above PR.

Comment 3 Zihan Tang 2018-08-17 05:28:58 UTC

verify failed.
asb: v3.11.0-0.17.0 (1.3.9)

the binding credentials in openshift-ansible-service-broker project still doest has label about 'bind'

# oc get secret --show-labels
NAME                                   TYPE                                  DATA      AGE       LABELS
42891cbf-a1dc-11e8-9338-0a580a800006   Opaque                                1         11m       bundleAction=provision,bundleName=aws-postgresql-apb
9b64d37d-a1dd-11e8-9338-0a580a800006   Opaque                                1         3m        <none>


9b64d37d-a1dd-11e8-9338-0a580a800006 is the secret from binding

Comment 4 Erik Nelson 2018-08-21 15:57:33 UTC

There's one particular code path that was missed, here is the fix: https://github.com/openshift/ansible-service-broker/pull/1054

Comment 5 Dylan Murray 2018-08-22 14:47:54 UTC

New builds added to advisory:
openshift-enterprise-asb-container-v3.11.0-0.20.0.0
openshift-enterprise-apb-tools-container-v3.11.0-0.20.0.0

Comment 6 Zihan Tang 2018-08-28 09:08:56 UTC

Verified
asb: 1.3.12
# oc get secret --show-labels
NAME                                   TYPE                                  DATA      AGE       LABELS
3eb53e91-aaa1-11e8-9d23-0a580a800006   Opaque                                1         2m        bundleAction=bind,bundleName=rh-postgresql-apb

Comment 8 errata-xmlrpc 2018-10-11 07:20:00 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652

Note You need to log in before you can comment on or make changes to this bug.