1712245 – Unable to use shell variable in build config environment variable section when variable name includes a '.'

Bug 1712245 - Unable to use shell variable in build config environment variable section when variable name includes a '.'

Summary: Unable to use shell variable in build config environment variable section whe...

Keywords:
Status:	VERIFIED
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Build
Sub Component:
Version:	4.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.2.0
Assignee:	Nalin Dahyabhai
QA Contact:	wewang
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1712855 (view as bug list)
Depends On:
Blocks:	1713681
TreeView+	depends on / blocked

Reported:	2019-05-21 07:16 UTC by mchoma
Modified:	2019-08-14 14:35 UTC (History)
CC List:	18 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: When shell variables were referenced in build configurations which used the source-to-image build strategy, logic which attempted to produce a Dockerfile which could be used to perform the source-to-image build would incorrectly attempt to evaluate those variables. Consequence: Some shell variables would be erroneously evaluated as empty values, leading to build errors, and other variables would trigger error messages from failed attempts to evaluate them. Fix: Shell variables referenced in build configurations are now properly escaped, so that they are evaluated at the expected time. Result: These errors should no longer be observed.
Clone Of:
Clones:	1713681 (view as bug list)
Environment:
Last Closed:

Attachments	(Terms of Use)
build.log (1.18 KB, text/plain) 2019-05-21 07:30 UTC, mchoma	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description mchoma 2019-05-21 07:16:42 UTC

Description of problem:
Setting environment variable using shell variable, e.g. ${user.home} leads to error during build

Missing ':' in substitution: "${user.home}"


Version-Release number of selected component (if applicable):
OCP 4.1.0-rc.5

How reproducible:


Steps to Reproduce:
oc login url
oc create -f ./build_config.yaml
oc start-build env-reproducer-bc --follow

Builds ends with error
error: build error: error resolving step {Value:env Next:0xc4208e32d0 Children:[] Attributes:map[] Original:ENV OPENSHIFT_BUILD_NAME="env-reproducer-bc-2" OPENSHIFT_BUILD_NAMESPACE="default" TEST="${user.home}" Flags:[] StartLine:3 endLine:3}: Missing ':' in substitution: "${user.home}"

build_config.yaml:

kind: BuildConfig
apiVersion: build.openshift.io/v1
metadata:
  name: env-reproducer-bc
  namespace: default
spec:
  nodeSelector: null
  output: {}
  resources: {}
  successfulBuildsHistoryLimit: 5
  failedBuildsHistoryLimit: 5
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: DockerImage
        name: 'registry.access.redhat.com/jboss-eap-7/eap72-openshift:1.0'
      env:
        - name: TEST
          value: '${user.home}'
  postCommit: {}
  source:
    type: None
  triggers:
    - type: ConfigChange
  runPolicy: Serial
status:
  lastVersion: 1

Additional info:
Reproducer is working fine on OCP 3.11. 
I assume that has something to do with replacing docker with other container technologies on OCP cluster.

Comment 1 mchoma 2019-05-21 07:30:15 UTC

Created attachment 1571511 [details]
build.log

Comment 2 XiuJuan Wang 2019-05-21 08:31:01 UTC

Could reproduce this with customer case in 4.1.0-0.nightly-2019-05-21-005558 version.
And works with v3.11.115 and v3.10.145.

Comment 3 Adam Kaplan 2019-05-21 12:54:32 UTC

Moving to the Containers component - bug appears to be in buildah processing the Dockerfile.

We can't call this issue closed until the issue is fixed in buildah and merged into openshift/builder. We will also want to backport the fix to 4.1.z.

Comment 4 Nalin Dahyabhai 2019-05-21 18:14:54 UTC

Hmm, it looks like it's producing an error when the variable name includes a '.'.  When I try the logged instructions using a Dockerfile with 'docker build' (both moby-engine-18.06.3-2.ce.gitd7080c1.fc30.x86_64 or docker-1.13.1-96.gitb2f74b2.el7.x86_64), I get the same `Missing ':' in substitution: "${user.home}"` error:

  FROM registry.access.redhat.com/jboss-eap-7/eap72-openshift:1.0
  LABEL "io.openshift.build.image"="registry.access.redhat.com/jboss-eap-7/eap72-openshift:1.0" "io.openshift.build.source-location"="/tmp/build/inputs"
  ENV OPENSHIFT_BUILD_NAME="env-reproducer-bc-2" OPENSHIFT_BUILD_NAMESPACE="default" TEST="${user.home}"

A bit of experimenting with 3.11.98 suggests that for s2i builds, environment variables set in the build config weren't being expanded, and ended up being set as specified in the resulting image's config blob, and the trigger for the build failing is that we're attempting to do so now.

Comment 5 Nalin Dahyabhai 2019-05-22 00:00:30 UTC

This looks like a combination of https://github.com/openshift/source-to-image/pull/969 and https://github.com/containers/buildah/pull/1607.

Comment 6 Paul Weil 2019-05-22 12:27:54 UTC

*** Bug 1712855 has been marked as a duplicate of this bug. ***

Comment 15 Adam Kaplan 2019-06-10 18:06:53 UTC

PR: https://github.com/openshift/builder/pull/76

Comment 16 Adam Kaplan 2019-06-21 17:31:17 UTC

Wen - is this ON_QA yet? Cloned BZ for 4.1.z has been verified.

Comment 18 wewang 2019-06-25 02:01:42 UTC

Verified version:
4.2.0-0.nightly-2019-06-24-160709

Note You need to log in before you can comment on or make changes to this bug.