Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1723753

Summary: OpenShift incorrectly applies RFC 6902 JSON PATCH
Product: OpenShift Container Platform Reporter: Keith Wall <kwall>
Component: kube-apiserverAssignee: Lukasz Szaszkiewicz <lszaszki>
Status: CLOSED ERRATA QA Contact: Xingxing Xia <xxia>
Severity: medium Docs Contact:
Priority: high    
Version: 3.11.0CC: aos-bugs, jscholz, mfojtik, sreber, xxia
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-09-03 15:56:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Keith Wall 2019-06-25 10:02:20 UTC 
Description of problem:

(Please refer to PR https://github.com/openshift/origin/pull/22267)

AMQ Online runs on OpenShift. We have run into a bug in the OpenShift
server handling of RFC 6902 JSON PATCH.  The
implementation of the "move" operation is broken.  This bug can
generate patched resources that are wrong, or in some case, later
operations within the same patch will error spuriously.

It affects the AMQ Online upgrade use case.  When a user deploys a new
AMQ Online over an old one, internally, AMQ Online uses
io.fabric8.kubernetes.client.dsl.Patchable#patch to alter the desired
state of resources to the upgraded form.  This defect means that this
automated upgrade process can fail or generate invalid results.

I have described the defect here and attached a reproducer that
demonstrates that "move" is incorrectly implemented.

https://github.com/openshift/origin/issues/23206

We know from commentary provided on https://github.com/openshift/origin/issues/23206 that the defect is fixed in OpenShift 4.1, however, OpenShift 3.11 remains supported and is a supported platform for AMQ Online, so the issue remains live for customers of this product.

Version-Release number of selected component (if applicable):

3.11

How reproducible:

100%

Steps to Reproduce:

Steps enumerated https://github.com/openshift/origin/issues/23206

Actual results:

Corrupted resource declaration (statefulsets, deployments etc).


Expected results:

Corrected patched resources.

Additional info:
Comment 11 Xingxing Xia 2019-08-23 13:24:56 UTC 
Lukasz, there is an OCP v3.11.139 env on hand, verified it with comment 2 steps:
oc new-app openshift/hello-openshift A=a B=b C=c D=d E=e

oc patch dc hello-openshift --type=json -p='[ { "op" : "move", "from" : "/spec/template/spec/containers/0/env/1", "path" : "/spec/template/spec/containers/0/env/2" } ]'

oc get dc hello-openshift -o yaml
...
    spec:
      containers:
      - env:
        - name: A
          value: a
        - name: C
          value: c
        - name: B
          value: b
        - name: D
          value: d
        - name: E
          value: e

It moves B to the target index 2 correctly.

Will move to VERIFIED once bug is attached in an errata advisory that moves it to ON_QA
Comment 14 errata-xmlrpc 2019-09-03 15:56:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2580