Bug 1801543 - the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK should not be removed when setting namespaceOwnership with invalid value
Summary: the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK should not be removed when s...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 4.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.4.0
Assignee: Dan Mace
QA Contact: Hongan Li
Depends On:
TreeView+ depends on / blocked
Reported: 2020-02-11 07:23 UTC by Hongan Li
Modified: 2020-05-04 11:36 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-05-04 11:35:29 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift api pull 589 0 None closed Bug 1801543: Add missing enum validations 2020-06-03 12:10:13 UTC
Github openshift cluster-ingress-operator pull 359 0 None closed Bug 1801543: Update CRDs 2020-06-03 12:10:13 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:36:01 UTC

Description Hongan Li 2020-02-11 07:23:04 UTC
Description of problem:
By default (e.g. fresh install), the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK is set to "false" in the deployment router-default. 
After setting spec.routeAdmission.namespaceOwnership with invalid value
the env ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK is removed from the deployment.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. fresh install 4.4 cluster and check the router-default deployment
   $ oc -n openshift-ingress get deployment

2. change the spec.routeAdmission.namespaceOwnership to Strict
   $ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"Strict"}}}' --type=merge

3. change the spec.routeAdmission.namespaceOwnership to invalid.
   $ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"invalid"}}}' --type=merge

4. check the operator logs

Actual results:
step 1 and 2, the env is set to "false".
step 3 and 4, the env is removed and cannot find any logs for the invalid setting.

Expected results:
1. the env should not be removed in step 3 and should see some logs for the invalid settings. 
2. since the env is boolean, maybe we can also use boolean in the spec.routeAdmission, like
    namespaceOwnershipCheck: true 

Additional info:

Comment 2 Hongan Li 2020-02-14 03:13:27 UTC
verified with 4.4.0-0.nightly-2020-02-13-212616 and issue has been fixed.

$ oc -n openshift-ingress-operator patch ingresscontroller/default --patch '{"spec":{"routeAdmission":{"namespaceOwnership":"strict"}}}' --type=merge
The IngressController "default" is invalid: spec.routeAdmission.namespaceOwnership: Unsupported value: "strict": supported values: "InterNamespaceAllowed", "Strict"

Comment 4 errata-xmlrpc 2020-05-04 11:35:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.