Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1726538

Summary: OCP sync plug-in for jenkins does not change credential name in Jenkins after setting proper annotation in secret
Product: OpenShift Container Platform Reporter: Arnab Ghosh <arghosh>
Component: JenkinsAssignee: Vibhav Bobade <vbobade>
Status: CLOSED ERRATA QA Contact: XiuJuan Wang <xiuwang>
Severity: low Docs Contact:
Priority: unspecified    
Version: 3.11.0CC: abenaiss, aos-bugs, calfonso, mfojtik, vbobade
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-12-16 11:57:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Arnab Ghosh 2019-07-03 06:55:23 UTC 
Description of problem:
The name of the credential in Jenkins does not change after annotating the secret with below key value pair. As per documentation[1] it should work.

~~~
jenkins.openshift.io/secret.name=credname
~~~

Version-Release number of selected component (if applicable):
v3.11

How reproducible:
Always

Steps to Reproduce:
1. Deploy jenkins

2. Create a secret of type Opaque/basic-auth/ssh-auth
   # oc create secret generic ocp-secretname -n <project_name> --from-literal=username=testuser --from-literal=password=testpass --type=kubernetes.io/basic-auth

3. Set following label to the secret in order to mark that it should be synced
   # oc label secret  ocp-secretname credential.sync.jenkins.openshift.io=true -n <project_name>

4. Annotate the secret to let sync plugin know the name you want to set for the newly created credential in Jenkins
   # oc annotate secret ocp-secretname jenkins.openshift.io/secret.name=credname -n <project_name> 

5. Check credential window in Jenkins, you should be able to see that the name of the credential is unchanged(<project_name>-<secret_name>) but as per documentation it should have been changed to 'credname'

Actual results:
Credential name in jenkins is not changing after annotating the secret properly

Expected results:
Name of the credential should be set as the name defined in annotation 'jenkins.openshift.io/secret.name'

Additional info:
Comment 1 Arnab Ghosh 2019-07-03 06:57:11 UTC 
documentation - [1] - https://github.com/openshift/jenkins-sync-plugin
                      https://docs.openshift.com/container-platform/3.11/using_images/other_images/jenkins.html#sync-plug-in
Comment 2 Adam Kaplan 2019-07-17 13:42:16 UTC 
Assigning to Jenkins component
Comment 3 Vibhav Bobade 2019-07-22 13:44:41 UTC 
Hello Arnab,

Thanks for opening this. We are looking a this right now. Will get back to you with this.

Regards,
Vibhav
Comment 4 Akram Ben Aissi 2019-09-05 13:38:18 UTC 
Development is being tracked here: https://jira.coreos.com/browse/APPSVC-12
Comment 5 Vibhav Bobade 2019-09-09 07:16:16 UTC 
Hello Arnab,

Can you check with the customer and let us know what is the version of sync plugin installed in Jenkins ?

Regards,
Vibhav
Comment 11 XiuJuan Wang 2019-12-03 05:57:48 UTC 
Follow these steps to verify this bug with openshift3/jenkins-2-rhel7:v3.11(v3.11.157-1), and pass.

1. Deploy jenkins
2. Create a secret of type Opaque/basic-auth/ssh-auth
$oc create secret generic ocp-secretname -n xiuwang1 --from-literal=username=testuser --from-literal=password=testpass --type=kubernetes.io/basic-auth
secret/ocp-secretname created
3. Set following label to the secret in order to mark that it should be synced
$oc label secret  ocp-secretname credential.sync.jenkins.openshift.io=true -n xiuwang1
secret/ocp-secretname labeled
4.Check credentials in the /credentials page

5. Create a new secret
$oc create secret generic credname -n xiuwang1 --from-literal=username=testuser --from-literal=password=testpass --type=kubernetes.io/basic-auth
6.Annotate the secret to let sync plugin know the name you want to set for the newly created credential in Jenkins
$ oc annotate secret ocp-secretname jenkins.openshift.io/secret.name=credname -n xiuwang1
7. Check credentials in the /credentials page
The credentials name has changed to credname.
Comment 12 XiuJuan Wang 2019-12-03 05:58:51 UTC 
(In reply to XiuJuan Wang from comment #11)
Additional info: openshift-sync plugin is 1.0.43
Comment 14 errata-xmlrpc 2019-12-16 11:57:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:4050