Bug 1733103 - When OpenID is configured with an empty CA in inventory, in master-config is wrong configured
Keywords:
Status: CLOSED DUPLICATE of bug 1812413
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: low
Target Milestone: ---
Target Release: 3.11.z
Assignee: Russell Teague
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-07-25 08:36 UTC by Alberto Gonzalez de Dios
Modified: 2020-05-12 19:29 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-12 19:29:33 UTC
Target Upstream Version:
Embargoed:



Description Alberto Gonzalez de Dios 2019-07-25 08:36:38 UTC
Description of problem:

When the IdentityProvider for OpenID login is configured in the inventory with the key/value pair "'ca': ''" and the openshift-master/config.yml playbook is run, a line appears in master-config.yml defining the key "ca" with the filename /etc/origin/master/<providername>_openid_ca.crt.

The configuration with the playbook runs without errors, but login with this IdentityProvider is not possible. After a "restart_master api/controllers" on every master, the startup doesn't work. There is an error in the "master-logs api api" output saying "file not found /etc/origin/master/<providername>_openid_ca.crt".

Inventory:
openshift_master_identity_providers=[{"name": "OpenID", "login": "true", "challenge": "true", "mappingMethod": "add", "kind": "OpenIDIdentityProvider", "ca": "", ... }]

Master-config gets configured as:

  - name: OpenID
    provider:
      apiVersion: v1
      ca: /etc/origin/master/<providername>_openid_ca.crt

But it should be configured as:

  - name: OpenID
    provider:
      apiVersion: v1
      ca: ''

If the "openshift_master_openid_ca_file" variable is defined with an empty value in the inventory, then there is an error while running master/config.yml saying "File lookup error".

This issue is very similar to BZ 1627764, but that issue was fixed just for LDAP identity provider.


Version-Release number of the following components:
3.11.98


How reproducible:
Configure inventory with OpenIDIdentityProvider and empty ca and run master/config.yml


Steps to Reproduce:
1. Configure inventory with OpenIDIdentityProvider with an empty ca

openshift_master_identity_providers=[{"name": "OpenID", "login": "true", "challenge": "true", "mappingMethod": "add", "kind": "OpenIDIdentityProvider", "ca": "", ... }]

2. Run master/config.yml


Actual results:

master-config.yml:
  - name: OpenID
    provider:
      apiVersion: v1
      ca: /etc/origin/master/<providername>_openid_ca.crt


Expected results:

master-config.yml:
  - name: OpenID
    provider:
      apiVersion: v1
      ca: ''
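
A pre-restart check for the failure described above, as an added example that is not part of the original report or of openshift-ansible: it scans the identityProviders section of a master-config.yml for "ca" entries that name a file missing from disk, so the problem is caught before the master API is restarted. The function name, the constructed sample text, and the rule that relative paths resolve against the config directory are assumptions.

```python
import os
import re

# indent, optional list dash, key, value
KEY = re.compile(r"^(\s*)(- )?([A-Za-z]+):\s*(.*?)\s*$")

def missing_idp_ca_files(config_text, config_dir, exists=os.path.isfile):
    """Return (line_no, provider, path) for each identity-provider `ca`
    that names a file not present on disk. An empty `ca: ''` names no
    file and is never reported."""
    findings, idp_indent, provider = [], None, None
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = KEY.match(line)
        if not m:
            continue
        indent, dash, key = len(m.group(1)), m.group(2), m.group(3)
        value = m.group(4).strip("'\"")
        if key == "identityProviders":
            idp_indent = indent
            continue
        if idp_indent is None:
            continue
        # A parent key, or a sibling key that is not a list item, ends the section.
        if indent < idp_indent or (indent == idp_indent and not dash):
            idp_indent = None
            continue
        if dash and key == "name":
            provider = value
        elif key == "ca" and value:
            # Assumption: relative paths resolve against the config directory.
            path = value if os.path.isabs(value) else os.path.join(config_dir, value)
            if not exists(path):
                findings.append((line_no, provider, path))
    return findings

# Constructed sample mirroring the "Actual results" fragment in this report.
SAMPLE = """\
oauthConfig:
  identityProviders:
  - name: OpenID
    provider:
      apiVersion: v1
      ca: /etc/origin/master/<providername>_openid_ca.crt
  masterCA: ca-bundle.crt
"""

if __name__ == "__main__":
    for line_no, name, path in missing_idp_ca_files(SAMPLE, "/etc/origin/master"):
        print(f"line {line_no}: provider {name!r} references missing CA file {path}")
```
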

