Bug 1943217 - [certificate renewal] certConfig is a struct and not a pointer
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Installation
Version: 4.8.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Target Release: 4.8.0
Assignee: Simone Tiraboschi
QA Contact: Inbar Rose
URL:
Whiteboard:
Depends On:
Blocks: 1949795
Reported: 2021-03-25 15:13 UTC by ibesso
Modified: 2021-07-27 14:30 UTC (History)

Fixed In Version: hco-bundle-registry:v4.8.0-252
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-27 14:29:42 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | kubevirt hyperconverged-cluster-operator pull 1207 | 0 | None | open | Cert config defaults | 2021-03-25 15:15:04 UTC
Red Hat Product Errata | RHSA-2021:2920 | 0 | None | None | None | 2021-07-27 14:30:51 UTC

Description ibesso 2021-03-25 15:13:22 UTC
Description of problem:
----------------------
On a freshly deployed cluster with 4.8.0, I saw no certificate-related objects in HCO CR.
In HCO CRD there are default values.


Steps to Reproduce:
------------------
1. oc get hyperconvergeds -n openshift-cnv kubevirt-hyperconverged -oyaml
2. oc get crd hyperconvergeds.hco.kubevirt.io -oyaml


Actual results:
--------------
1. no cert-related objects.
2. cert objects and fields and defaults exist.

Expected results:
----------------
HCO CR should include defaults.


Additional info:
---------------
[cnv-qe-jenkins@besso-48-ds5wj-executor ~]$ oc version
Client Version: 4.8.0-202103210459.p0-1054107
Server Version: 4.8.0-0.nightly-2021-03-22-104536
Kubernetes Version: v1.20.0+39c0afe
[cnv-qe-jenkins@besso-48-ds5wj-executor ~]$

Comment 1 ibesso 2021-04-21 15:14:03 UTC
I verified with osbs registry-proxy.engineering.redhat.com/rh-osbs/iib:68396.
This time the HCO CRD had spec description:
              certConfig:
                default:
                  ca:
                    duration: 48h
                    renewBefore: 24h
                  server:
                    duration: 24h
                    renewBefore: 12h
                description: certConfig holds the rotation policy for internal, self-signed
                  certificates
                properties:
                  ca:
                    default:
                      duration: 48h
                      renewBefore: 24h
                    description: CA configuration - CA certs are kept in the CA bundle
                      as long as they are valid
                    properties:
                      duration:
                        description: The requested 'duration' (i.e. lifetime) of the
                          Certificate. This should comply with golang's ParseDuration
                          format (https://golang.org/pkg/time/#ParseDuration)
                        type: string
                      renewBefore:
                        description: The amount of time before the currently issued
                          certificate's `notAfter` time that we will begin to attempt
                          to renew the certificate. This should comply with golang's
                          ParseDuration format (https://golang.org/pkg/time/#ParseDuration)
                        type: string
                    type: object
                  server:
                    default:
                      duration: 24h
                      renewBefore: 12h
                    description: Server configuration - Certs are rotated and discarded
                    properties:
                      duration:
                        description: The requested 'duration' (i.e. lifetime) of the
                          Certificate. This should comply with golang's ParseDuration
                          format (https://golang.org/pkg/time/#ParseDuration)
                        type: string
                      renewBefore:
                        description: The amount of time before the currently issued
                          certificate's `notAfter` time that we will begin to attempt
                          to renew the certificate. This should comply with golang's
                          ParseDuration format (https://golang.org/pkg/time/#ParseDuration)
                        type: string
                    type: object
                type: object

moving to VERIFIED.
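
The CRD text quoted in Comment 1 requires `duration` and `renewBefore` to follow Go's ParseDuration format and defines renewal as starting `renewBefore` ahead of `notAfter`. The following Go program is an added example, not part of the bug report or of the HCO code base, that checks a certConfig against those two statements and computes when rotation begins. The names `CertPolicy`, `RenewAt` and `CheckCertConfig` are hypothetical, and the rule `0 < renewBefore < duration` is an assumption of this example.

```go
package main

import (
	"fmt"
	"time"
)

// CertPolicy mirrors one certConfig entry (ca or server) from the CRD schema.
type CertPolicy struct {
	Duration    string
	RenewBefore string
}

// RenewAt validates the policy and returns notAfter - renewBefore for a cert issued at notBefore.
func (p CertPolicy) RenewAt(notBefore time.Time) (time.Time, error) {
	d, err := time.ParseDuration(p.Duration)
	if err != nil {
		return time.Time{}, fmt.Errorf("duration: %w", err)
	}
	rb, err := time.ParseDuration(p.RenewBefore)
	if err != nil {
		return time.Time{}, fmt.Errorf("renewBefore: %w", err)
	}
	// Assumed sanity rule: the renewal window must lie strictly inside the lifetime.
	if d <= 0 || rb <= 0 || rb >= d {
		return time.Time{}, fmt.Errorf("need 0 < renewBefore < duration, got %s / %s", rb, d)
	}
	return notBefore.Add(d - rb), nil
}

// CheckCertConfig validates both entries and returns each renewal offset from issuance.
func CheckCertConfig(ca, server CertPolicy) (time.Duration, time.Duration, error) {
	t0 := time.Unix(0, 0).UTC() // constructed issuance time
	caAt, err := ca.RenewAt(t0)
	if err != nil {
		return 0, 0, fmt.Errorf("ca: %w", err)
	}
	srvAt, err := server.RenewAt(t0)
	if err != nil {
		return 0, 0, fmt.Errorf("server: %w", err)
	}
	return caAt.Sub(t0), srvAt.Sub(t0), nil
}

func main() {
	server := CertPolicy{"24h", "12h"} // defaults shown in Comment 1
	fmt.Println(CheckCertConfig(CertPolicy{"48h", "24h"}, server))
	fmt.Println(CheckCertConfig(CertPolicy{"2d", "24h"}, server)) // no day unit: rejected
}
```

With the defaults from the CRD, the CA certificate enters renewal 24h after issuance and the server certificate 12h after issuance; a value such as `2d` is rejected because ParseDuration has no day unit.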

Comment 4 errata-xmlrpc 2021-07-27 14:29:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.8.0 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2920

