Bug 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)
Summary: [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenShift Container Storage
Classification: Red Hat Storage
Component: Multi-Cloud Object Gateway
Version: 4.3
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: OCS 4.6.0
Assignee: Jacky Albo
QA Contact: aberner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-28 19:21 UTC by Jason Montleon
Modified: 2020-12-17 06:22 UTC (History)
8 users (show)

Fixed In Version: v4.6.0-106.ci
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-12-17 06:22:30 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github noobaa noobaa-operator pull 430 0 None closed Adding redirect insecureEdgeTerminationPolicy to management route 2020-10-29 06:14:06 UTC
Github noobaa noobaa-operator pull 431 0 None closed Backport to 5.6 2020-10-29 06:14:07 UTC
Red Hat Bugzilla 1810684 1 None None None 2021-01-20 06:05:38 UTC
Red Hat Product Errata RHSA-2020:5605 0 None None None 2020-12-17 06:22:47 UTC

Description Jason Montleon 2020-04-28 19:21:01 UTC 
Description of problem (please be detailed as possible and provide log
snippests):

This is minor, but would be a nice enhancement.

If you enter the url of the noobaa mgmt route using http:// instead of https:// it does not redirect.

Version of all relevant components (if applicable):
4.3.1

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
No

Is there any workaround available to the best of your knowledge?
Yes, use https

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
1

Can this issue reproducible?
Yes

Can this issue reproduce from the UI?
Yes

If this is a regression, please provide more details to justify this:
No

Steps to Reproduce:
1. Install OCS/MCG
2. Attempt to access the mgmt route using http:// instead of https://


Actual results:
The user should be redirected.

Expected results:
The user is not redirected.

Additional info:

By adding spec.insecureEdgeTerminationPolicy: Redirect to the route the user will be redirected automatically.
Comment 4 Jose A. Rivera 2020-04-29 15:03:01 UTC 
This is a NooBaa issue, moving accordingly and pushing it out to OCS 4.6.
Comment 5 Martin Bukatovic 2020-04-29 17:02:20 UTC 
This seems to be related to a particular NooBaa route/service configuration, which is done on purpose as Eran notes in https://bugzilla.redhat.com/show_bug.cgi?id=1810684#c2
Comment 6 Jason Montleon 2020-04-29 18:56:08 UTC 
I don't think this is the same. 1810684 is pointing out that there is a route and an elb address that Noobaa management can be reached from.

Instead I'm referring to an automatic redirect from http to https on the route. We saw a second person do this in a lab today and have to ask for help, so it is causing users some confusion. I'm sure they would figure it out eventually, but it's a one line adjustment to the route to save confusion. Like I said, minor, but nice.
Comment 10 Mudit Agarwal 2020-10-29 06:15:30 UTC 
Nimrod, should we add doc_text for this one (being an RFE)
Comment 11 Nimrod Becker 2020-10-29 07:45:02 UTC 
Nope, we are serving HTTPS and we should have redirected HTTP to HTTPS, now its done properly.
Don't think we need a doc.
Comment 14 errata-xmlrpc 2020-12-17 06:22:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5605
Note You need to log in before you can comment on or make changes to this bug.