Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1872705

Summary: Multiple credentials for the same registry during image stream import
Product: OpenShift Container Platform Reporter: Ricardo Maraschini <rmarasch>
Component: ImageStreamsAssignee: Ricardo Maraschini <rmarasch>
Status: CLOSED DEFERRED QA Contact: XiuJuan Wang <xiuwang>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.5CC: aos-bugs, jokerman, wzheng
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-31 15:04:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ricardo Maraschini 2020-08-26 13:21:44 UTC 
Description of problem:

Seems like if two credentials for the same registry exist in the namespace and one of them is incorrect the import of an image stream may fail.


Version-Release number of selected component (if applicable):

4.5

How reproducible:

To be investigated if this is indeed the case

Steps to Reproduce:
1. Create two secrets with credentials for the same registry (one with incorrect auth data)
2. Attempt to import from the registry


Actual results:

Import fail?


Expected results:

Import succeed.

Additional info:

https://github.com/kubernetes/kubernetes/blob/master/pkg/credentialprovider/keyring.go#L115
Comment 2 Ricardo Maraschini 2020-08-27 09:37:42 UTC 
I can confirm that if multiple credentials for the same registry exist on the namespace only the first one is used (lexicographic order). Tested on a cluster 4.6.
Comment 3 Ricardo Maraschini 2020-08-31 15:04:51 UTC 
Deferring this to https://issues.redhat.com/browse/IR-102