1801543 – the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK should not be removed when setting namespaceOwnership with invalid value

Bug 1801543 - the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK should not be removed when setting namespaceOwnership with invalid value

Summary: the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK should not be removed when s...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.4.0
Assignee:	Dan Mace
QA Contact:	Hongan Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-02-11 07:23 UTC by Hongan Li
Modified:	2022-08-04 22:27 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-04 11:35:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift api pull 589	None	closed	Bug 1801543: Add missing enum validations	2020-06-03 12:10:13 UTC
Github	openshift cluster-ingress-operator pull 359	None	closed	Bug 1801543: Update CRDs	2020-06-03 12:10:13 UTC
Red Hat Product Errata	RHBA-2020:0581	None	None	None	2020-05-04 11:36:01 UTC

Description Hongan Li 2020-02-11 07:23:04 UTC

Description of problem:
By default (e.g. fresh install), the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK is set to "false" in the deployment router-default. 
After setting spec.routeAdmission.namespaceOwnership with invalid value
the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK is removed from the deployment.


Version-Release number of selected component (if applicable):
4.4.0-0.nightly-2020-02-10-215022

How reproducible:
100%

Steps to Reproduce:
1. fresh install 4.4 cluster and check the router-default deployment
   $ oc -n openshift-ingress get deployment

2. change the spec.routeAdmission.namespaceOwnership to Strict
   $ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"Strict"}}}' --type=merge

3. change the spec.routeAdmission.namespaceOwnership to invalid.
   $ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"invalid"}}}' --type=merge

4. check the operator logs

Actual results:
step 1 and 2, the env is set to "false".
step 3 and 4, the env is removed and cannot find any logs for the invalid setting.

Expected results:
1. the env should not be removed in step 3 and should see some logs for the invalid settings. 
2. since the env is boolean, maybe we can also use boolean in the spec.routeAdmission, like
spec:
  routeAdmission:
    namespaceOwnershipCheck: true 


Additional info:

Comment 2 Hongan Li 2020-02-14 03:13:27 UTC

verified with 4.4.0-0.nightly-2020-02-13-212616 and issue has been fixed.


$ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"strict"}}}' --type=merge
The IngressController "default" is invalid: spec.routeAdmission.namespaceOwnership: Unsupported value: "strict": supported values: "InterNamespaceAllowed", "Strict"

Comment 4 errata-xmlrpc 2020-05-04 11:35:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

Note You need to log in before you can comment on or make changes to this bug.