Bug 1825997 - [OCP 4.4][NMO] Create NMO with invalid nodeName successfully creates a nodmaintance object.
Summary: [OCP 4.4][NMO] Create NMO with invalid nodeName successfully creates a nodmai...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node Maintenance Operator
Version: 4.4
Hardware: Unspecified
OS: Linux
low
low
Target Milestone: ---
: 4.6.0
Assignee: Marc Sluiter
QA Contact: gharden
URL: https://github.com/kubevirt/node-main...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-20 16:34 UTC by gharden
Modified: 2021-02-06 07:05 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 15:58:26 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 15:58:41 UTC

Description gharden 2020-04-20 16:34:13 UTC 
Description of problem:

NMO object is successfully created for invalid "nodeName". NMO object creation via `oc create -f <node maintenance yaml>` with invalid "nodeName" value should return invalid node name error.


Version-Release number of selected component (if applicable):
4.4

How reproducible:
100%


Steps to Reproduce:
1. 
cat <<'EOF' >> host_maintenance_test.yaml
 apiVersion: kubevirt.io/v1alpha1
kind: NodeMaintenance
metadata:
  name: nodemaintenance-invalid-node
spec:
  nodeName: invalid-node
  reason: "Test node maintenance for invalid"
EOF
2. oc create -f host_maintenance_test.yaml
3. oc get nodemaintenances

Actual results:
[root@sealusa9 ~]# cat <<'EOF' >> host_maintenance_test.yaml
> apiVersion: kubevirt.io/v1alpha1
> kind: NodeMaintenance
> metadata:
>   name: nodemaintenance-invalid-node
> spec:
>   nodeName: invalid-node
>   reason: "Test node maintenance for invalid"
> EOF
[root@sealusa9 ~]# cat host_maintenance_test.yaml 
apiVersion: kubevirt.io/v1alpha1
kind: NodeMaintenance
metadata:
  name: nodemaintenance-invalid-node
spec:
  nodeName: invalid-node
  reason: "Test node maintenance for invalid"
[root@sealusa9 ~]# oc create -f host_maintenance_test.yaml 
nodemaintenance.kubevirt.io/nodemaintenance-invalid-node created
[root@sealusa9 ~]# oc get nodemaintenances.kubevirt.io 
NAME                           AGE
nodemaintenance-invalid-node   14s


Expected results:
[root@sealusa9 ~]# cat <<'EOF' >> host_maintenance_test.yaml
> apiVersion: kubevirt.io/v1alpha1
> kind: NodeMaintenance
> metadata:
>   name: nodemaintenance-invalid-node
> spec:
>   nodeName: invalid-node
>   reason: "Test node maintenance for invalid"
> EOF
[root@sealusa9 ~]# cat host_maintenance_test.yaml 
apiVersion: kubevirt.io/v1alpha1
kind: NodeMaintenance
metadata:
  name: nodemaintenance-invalid-node
spec:
  nodeName: invalid-node
  reason: "Test node maintenance for invalid"
[root@sealusa9 ~]# oc create -f host_maintenance_test.yaml 
Error: Invalid nodeName
[root@sealusa9 ~]# oc get nodemaintenances.kubevirt.io 
No resources found in openshift-cnv namespace.
[root@sealusa9 ~]# 

Additional info:
Comment 1 Tomas Jelinek 2020-04-22 06:40:09 UTC 
After a discussion with Andrew Beekhof, targeting 4.5
Comment 3 Michael Moser 2020-05-07 11:07:54 UTC 
we would have to add an admission webhook to check for the validity of the node name prior to creating the CRD object. Is that worth the effort? I mean why isn't it enough to allow creation of CRD object with an error value set on the CRD object?
Comment 4 Michael Moser 2020-05-16 22:53:42 UTC 
PR https://github.com/kubevirt/node-maintenance-operator/pull/77 has been submitted to address the problem and is up for review.
Comment 5 Michael Moser 2020-05-21 02:54:52 UTC 
the reviewers didn't like my PR, I have to redo it using a different mechanism (olm sdk). Now the task is stalled as we have to swap all of our dependencies to a newer set of dependencies that support this approach.
Comment 6 Michael Moser 2020-06-10 12:59:58 UTC 
Working on https://github.com/kubevirt/node-maintenance-operator/pull/84 to add webhook via olm (operator lifecycle manager); Now working on validating the fix and adding e2e testing for that case.
Comment 9 Michael Moser 2020-07-01 00:43:07 UTC 
Current status: the e2e tests work when the OLM test environment is built from the OLM sourcs for os4.5, as the current OLM v0.15.1 version has a bug that has been fixed in the sources of the project. Now waiting for the proper OLM to continue.
Comment 10 Marc Sluiter 2020-07-27 09:04:44 UTC 
Fixed in https://github.com/kubevirt/node-maintenance-operator/pull/102
Comment 13 gharden 2020-08-26 13:52:32 UTC 
Version: 4.6.0-0.nightly-2020-08-24-110601

cat << 'EOF' >> invalid_host_maintenance_test.yaml
apiVersion: nodemaintenance.kubevirt.io/v1beta1
kind: NodeMaintenance
metadata:
  name: invalid-node
spec:
  nodeName: invalid-node
  reason: "Test node maintenance for invalid-node"
EOF

[root@sealusa8 ~]# cat invalid_host_maintenance_test.yaml 
apiVersion: nodemaintenance.kubevirt.io/v1beta1
kind: NodeMaintenance
metadata:
  name: invalid-node
spec:
  nodeName: invalid-node
  reason: "Test node maintenance for invalid-node"
[root@sealusa8 ~]# oc create -f invalid_host_maintenance_test.yaml 
Error from server (invalid nodeName, no node with name invalid-node found): error when creating "invalid_host_maintenance_test.yaml": admission webhook "nodemaintenance-validation.kubevirt.io" denied the request: invalid nodeName, no node with name invalid-node found
[root@sealusa8 ~]#
Comment 15 errata-xmlrpc 2020-10-27 15:58:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196
Note You need to log in before you can comment on or make changes to this bug.