Bug 1801543 - the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK should not be removed when setting namespaceOwnership with invalid value
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.4
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.4.0
Assignee: Dan Mace
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-02-11 07:23 UTC by Hongan Li
Modified: 2022-08-04 22:27 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-04 11:35:29 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift api pull 589 | 0 | None | closed | Bug 1801543: Add missing enum validations | 2020-06-03 12:10:13 UTC
Github | openshift cluster-ingress-operator pull 359 | 0 | None | closed | Bug 1801543: Update CRDs | 2020-06-03 12:10:13 UTC
Red Hat Product Errata | RHBA-2020:0581 | 0 | None | None | None | 2020-05-04 11:36:01 UTC

Description Hongan Li 2020-02-11 07:23:04 UTC
Description of problem:
By default (e.g. fresh install), the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK is set to "false" in the deployment router-default.
After setting spec.routeAdmission.namespaceOwnership to an invalid value,
the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK is removed from the deployment.


Version-Release number of selected component (if applicable):
4.4.0-0.nightly-2020-02-10-215022

How reproducible:
100%

Steps to Reproduce:
1. fresh install 4.4 cluster and check the router-default deployment
   $ oc -n openshift-ingress get deployment

2. change the spec.routeAdmission.namespaceOwnership to Strict
   $ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"Strict"}}}' --type=merge

3. change the spec.routeAdmission.namespaceOwnership to invalid.
   $ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"invalid"}}}' --type=merge

4. check the operator logs

Actual results:
Steps 1 and 2: the env is set to "false".
Steps 3 and 4: the env is removed and cannot find any logs for the invalid setting.

Expected results:
1. The env should not be removed in step 3, and there should be some logs for the invalid setting.
2. Since the env is boolean, maybe we can also use a boolean in spec.routeAdmission, like:
spec:
  routeAdmission:
    namespaceOwnershipCheck: true 


Additional info:

Comment 2 Hongan Li 2020-02-14 03:13:27 UTC
Verified with 4.4.0-0.nightly-2020-02-13-212616 and the issue has been fixed.


$ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"strict"}}}' --type=merge
The IngressController "default" is invalid: spec.routeAdmission.namespaceOwnership: Unsupported value: "strict": supported values: "InterNamespaceAllowed", "Strict"
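
An added example, not part of the original report or the operator's code: a Python check that audits an IngressController object against its router deployment for the state described in this bug (unsupported namespaceOwnership value, env var dropped). The helper names and sample objects are constructed, and the InterNamespaceAllowed -> "true" mapping and the Strict default for an unset field are assumptions; the report itself only shows "false" for the default and Strict.

```python
ENV_NAME = "ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK"
# Keys are the supported values from the API error message in Comment 2.
# The env values are an assumption: the report only shows default/Strict -> "false".
EXPECTED_ENV = {"Strict": "false", "InterNamespaceAllowed": "true"}


def router_env(deployment):
    """Collect env vars from every container in the deployment's pod template."""
    env = {}
    for container in deployment["spec"]["template"]["spec"]["containers"]:
        for var in container.get("env", []):
            env[var["name"]] = var.get("value")
    return env


def audit(ingresscontroller, deployment):
    """Return findings; an empty list means spec and deployment agree."""
    findings = []
    admission = ingresscontroller.get("spec", {}).get("routeAdmission") or {}
    # Assumption: an unset field behaves like Strict (fresh installs show "false").
    policy = admission.get("namespaceOwnership") or "Strict"
    if policy not in EXPECTED_ENV:
        findings.append(f"unsupported namespaceOwnership value: {policy!r}")
    env = router_env(deployment)
    if ENV_NAME not in env:
        findings.append(f"{ENV_NAME} is missing from the deployment")
    elif policy in EXPECTED_ENV and env[ENV_NAME] != EXPECTED_ENV[policy]:
        findings.append(
            f"{ENV_NAME}={env[ENV_NAME]!r}, expected {EXPECTED_ENV[policy]!r} for {policy}")
    return findings


def sample_deployment(env_value):
    """Constructed stand-in for the router-default deployment fetched as JSON."""
    env = [] if env_value is None else [{"name": ENV_NAME, "value": env_value}]
    return {"spec": {"template": {"spec": {"containers": [{"name": "router", "env": env}]}}}}


def sample_ic(value):
    """Constructed stand-in for the ingresscontroller/default object."""
    return {"spec": {"routeAdmission": {"namespaceOwnership": value}}}


if __name__ == "__main__":
    # State from step 3 of the report: invalid value stored, env removed.
    for finding in audit(sample_ic("invalid"), sample_deployment(None)):
        print("FINDING:", finding)
```

On a live cluster the two arguments would be the parsed JSON of ingresscontroller/default and the router-default deployment.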

Comment 4 errata-xmlrpc 2020-05-04 11:35:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

