Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1755606

Summary: metering-operator does not validate storage secrets exist before installing components
Product: OpenShift Container Platform Reporter: Peter Ruan <pruan>
Component: Metering OperatorAssignee: tflannag
Status: CLOSED ERRATA QA Contact: Peter Ruan <pruan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.3.0CC: calfonso, emoss, sd-operator-metering
Target Milestone: ---   
Target Release: 4.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-13 21:25:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Peter Ruan 2019-09-25 19:51:24 UTC 
Description of problem:

metering-operator does not validate storage secrets exist before installing components.  If the MeteringConfig references a secret that does not exists, the deployment will continue but be stuck with the pods having `CreateContainerConfigError`.  It would be nice to have MeteringConfig validation be done at the operator level prior to installing components


Version-Release number of selected component (if applicable):
4.2

How reproducible:
always

Steps to Reproduce:
1. install metering with a MeteringConfig that references to a secret that does not exists.

apiVersion: metering.openshift.io/v1alpha1
kind: MeteringConfig
metadata:
  name: "operator-metering"
spec:
  storage:
    type: "hive"
    hive:
      type: "s3"
      s3:
        bucket: "qe-pruan-metering"
        region: "us-west-1"
        secretName: "my-aws-secret"
        createBucket: true



Actual results:
NAME                                  READY   STATUS                       RESTARTS   AGE
hive-metastore-0                      1/2     CreateContainerConfigError   0          4m49s
hive-server-0                         2/3     CreateContainerConfigError   0          4m49s
metering-operator-97f7599f6-9dcrw     2/2     Running                      0          6m57s
presto-coordinator-0                  0/2     Pending                      0          4m27s
reporting-operator-685f689fb7-5rr2x   0/2     CreateContainerConfigError   0          3m59s


Expected results:
all expected metering pods to be in the READY state

Additional info:
Comment 3 Peter Ruan 2019-12-09 07:09:26 UTC 
verified 
operator_s3_credentials_secret.resources | length > 0 }}

fatal: [localhost]: FAILED! => {
    "assertion": "s3_credentials_secret_exists",
    "changed": false,
    "evaluated_to": false,
    "msg": "storage.hive.s3.secret does not exist"
}

TASK [meteringconfig : include_tasks] ******************************************
task path: /opt/ansible/roles/meteringconfig/tasks/configure_storage.yml:50
Sunday 08 December 2019  20:02:50 +0000 (0:00:00.376)       0:00:14.708 *******
included: /opt/ansible/roles/meteringconfig/tasks/update_meteringconfig_status.yml for localhost

TASK [meteringconfig : Update the MeteringConfig status] ***********************
task path: /opt/ansible/roles/meteringconfig/tasks/update_meteringconfig_status.yml:3
Sunday 08 December 2019  20:02:50 +0000 (0:00:00.407)       0:00:15.116 *******
changed: [localhost] => {"changed": true, "result": {"apiVersion": "metering.openshift.io/v1", "kind": "MeteringConfig", "metadata": {"annotations": {"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"metering.openshift.io/v1alpha1\",\"kind\":\"MeteringConfig\",\"metadata\":{\"annotations\":{},\"name\":\"operator-metering\",\"namespace\":\"openshift-metering\"},\"spec\":{\"storage\":{\"hive\":{\"s3\":{\"bucket\":\"qe-pruan-metering-mac\",\"createBucket\":true,\"region\":\"us-west-1\",\"secretName\":\"my-aws-secret\"},\"type\":\"s3\"},\"type\":\"hive\"}}}\n"}, "creationTimestamp": "2019-12-08T20:02:32Z", "generation": 1, "name": "operator-metering", "namespace": "openshift-metering", "resourceVersion": "67423", "selfLink": "/apis/metering.openshift.io/v1/namespaces/openshift-metering/meteringconfigs/operator-metering/status", "uid": "73f35730-0da1-4923-b541-b2fc20d98a76"}, "spec": {"storage": {"hive": {"s3": {"bucket": "qe-pruan-metering-mac", "createBucket": true, "region": "us-west-1", "secretName": "my-aws-secret"}, "type": "s3"}, "type": "hive"}}, "status": {"conditions": [{"lastTransitionTime": "2019-12-08T20:02:46.425563Z", "message": "Configuring Hive storage", "status": "True", "type": "Running"}, {"lastTransitionTime": "2019-12-08T20:02:51.776011Z", "message": "The task \"Validate that the s3 credentials secret exists\" failed with the following message: storage.hive.s3.secret does not exist", "status": "True", "type": "Invalid"}]}}}

TASK [meteringconfig : End role due to failure] ********************************
task path: /opt/ansible/roles/meteringconfig/tasks/update_meteringconfig_status.yml:12
Sunday 08 December 2019  20:02:52 +0000 (0:00:01.403)       0:00:16.520 *******
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failing role execution after updating the MeteringConfig.Status"}

PLAY RECAP *********************************************************************
localhost                  : ok=19   changed=5    unreachable=0    failed=1    skipped=8    rescued=1    ignored=0
Comment 5 errata-xmlrpc 2020-05-13 21:25:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062