Bug 1978724 - Binary secret data isn't properly uploaded by ui
Summary: Binary secret data isn't properly uploaded by ui
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.8
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.9.0
Assignee: Joe Caiani
QA Contact: Siva Reddy
URL:
Whiteboard:
Depends On:
Blocks: 1980136
TreeView+ depends on / blocked
 
Reported: 2021-07-02 15:23 UTC by Joe Caiani
Modified: 2021-10-18 17:38 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Stringdata used for encoded secrets Consequence: Binary secrets not uploaded correctly Fix: Encode secrets and use data instead of stringdata in api Result: Binary secrets uploaded correctly
Clone Of:
Environment:
Last Closed: 2021-10-18 17:38:00 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 9387 0 None open Bug 1978724: Add cypress tests for key/value secrets with binary, ascii, and unicode values. 2021-07-02 15:31:05 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:38:19 UTC

Description Joe Caiani 2021-07-02 15:23:40 UTC
Description of problem:
currently we read binary data using filereader.readasbinarystring, and then convert that using base64.encode, however, this process doesn't properly encode the data. See https://github.com/dankogai/js-base64#decode-vs-atob-and-encode-vs-btoa

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 3 Yanping Zhang 2021-07-13 04:11:23 UTC
Checked on ocp 4.9 cluster with payload 4.9.0-0.nightly-2021-07-12-143404.  
1. Create key/value secret from console using binary file from /frontend/packages/integration-tests-cypress/fixtures/binarysecret.bin
2. Decode data from the secret, and check the data is identical to those from the binary file.
[zyp@MiWiFi-R1CM ~]$ oc get secret secret1 -n prozyp --template '{{.data.test}}' | base64 -d
WBELLDEV.DEV.BCE.CA	zookeeperosdevconsole.belldev.dev.bce.ca�#=4�J��WBELLDEV.DEV.BCE.CA	zookeeperosdevconsole.belldev.dev.bce.ca�#=4�J��_BELLDEV.DEV.BCE.CA	zookeeperosdevconsole.belldev.dev.bce.caT��\�4=}M��v{oBELLDEV.DEV.BCE.CA	zookeeperosdevconsole.belldev.dev.bce.ca f/�8�7F���x d5Ʃ�Rk_BELLDEV.DEV.BCE.CA	zookeeperosdevconsole.belldev.dev.bce.ca8�$i�@iN��3�m%[zyp@MiWiFi-R1CM ~]$ 
[zyp@MiWiFi-R1CM ~]$ oc get secret secret1 -n prozyp --template '{{.data.test}}' | base64 -d > /tmp/bintest
[zyp@MiWiFi-R1CM ~]$ diff /tmp/bintest gitrepo/console/frontend/packages/integration-tests-cypress/fixtures/binarysecret.bin 
[zyp@MiWiFi-R1CM ~]$ 

The bug is fixed.

Comment 6 errata-xmlrpc 2021-10-18 17:38:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759


Note You need to log in before you can comment on or make changes to this bug.