1746332 – Migration storage secrets are leaked

Bug 1746332 - Migration storage secrets are leaked

Summary: Migration storage secrets are leaked

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Migration Tooling
Sub Component:
Version:	4.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.4.0
Assignee:	Erik Nelson
QA Contact:	Sergio
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-08-28 08:15 UTC by Sergio
Modified:	2020-05-28 11:06 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-28 11:06:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2020:2328	0	None	None	None	2020-05-28 11:06:54 UTC

Description Sergio 2019-08-28 08:15:48 UTC

Description of problem:

When a migration storage resource is created, a secret with the same name is created in namespace openshift-config. This secret is not deleted if the storage is deleted.


Version-Release number of selected component (if applicable):

OCP3:
$ oc version
oc v3.11.126
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://XXXXXXX
openshift v3.11.104
kubernetes v1.11.0+d4cacc0

OCP4:
$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.1.0     True        False         14h     Cluster version is 4.1.0



Controller:
    image: quay.io/ocpmigrate/mig-controller:stable
    imageID: quay.io/ocpmigrate/mig-controller@sha256:7ec48a557240f1d2fa6ee6cd62234b0e75f178eca2a0cc5b95124e01bcd2c114
UI:

    image: quay.io/ocpmigrate/mig-ui:stable
    imageID: quay.io/ocpmigrate/mig-ui@sha256:f38a52d944227cb7b9e7e175a2dc0df0ae032fd67cdffd8f11a9c4d73855153d
Velero:
    image: quay.io/ocpmigrate/velero:stable
    imageID: quay.io/ocpmigrate/velero@sha256:957725dec5f0fb6a46dee78bd49de9ec4ab66903eabb4561b62ad8f4ad9e6f05
    image: quay.io/ocpmigrate/migration-plugin:stable
    imageID: quay.io/ocpmigrate/migration-plugin@sha256:b4493d826260eb1e3e02ba935aaedfd5310fefefb461ca7dcd9a5d55d4aa8f35


How reproducible:

Always.


Steps to Reproduce:
1. Create a migration storage in App Migration Tool UI
2. Verify that the secret is created

   oc get secret -n openshift-config 

3. Delete the migration storage using the App Migration Storage UI



Actual results:

The storage is deleted, but the secret is not. 

Run this command to verify that the secret is not deleted.
oc get secret -n openshift-config


Expected results:

The secret should be deleted when the migration storage is deleted.


Additional info:

Comment 1 John Matthews 2019-08-29 16:13:02 UTC

https://github.com/fusor/mig-controller/issues/295

Comment 3 Jeff Ortel 2019-10-14 20:39:30 UTC

Align to UI.  https://github.com/fusor/mig-ui/issues/601

Comment 4 Erik Nelson 2020-04-08 15:45:13 UTC

https://github.com/konveyor/mig-ui/pull/768

Comment 7 Xin jiang 2020-05-07 09:26:32 UTC

verified that  the secret was deleted when the migration storage was deleted.

Conroller Image:
 image: quay-enterprise-quay-enterprise.apps.qe-appmig-tgt-3190.qe.azure.devcluster.openshift.com/admin/openshift-migration-controller-rhel8@sha256:383991bd3e7eda398958980a00abb9c2fda5602e864f978e1eab2312bc248689
    imagePullPolicy: Always

Comment 9 errata-xmlrpc 2020-05-28 11:06:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:2328

Note You need to log in before you can comment on or make changes to this bug.