Description of problem: When visualizing the credentials in a secret, in a given namespace, only the first one registry credential is listed in the UI. Version-Release number of selected component (if applicable): 4.7.13 How reproducible: Always Steps to Reproduce: 1. Create a new project (test1) 2. Go to https://console-openshift-console.apps.cluster.domain.tld/k8s/cluster/projects/test1/details 3. Add a Default pull secret and upload a config.json file with credentials for multiple registries Actual results: After adding the secret only the first credentials are listed in the UI. Expected results: All the credentials should be listed or at least add a banner in the UI explaining that there are other credentials in the pull secret which aren't listed. Additional info:
@sgarciam Just want to clarify and make sure that I understand the issue. Here are the steps I took: - Created a config.json with entries to "cloud.openshif.com", "quay.io" and "registry.connect.redhat.com" - On my project details page, click on "Not configured" link under the "Default pull secret" section - Choose the "Upload Docker config.json" option and selected my file created in the first step. - Click on save. - When I go to the project details under the "Default pull secret" header there is a link that has the name of my default secret - When I click on that link, I get a modal that only shows the cloud.openshift.com entry. My entries to quay.io and registry.connect.redhat.com are not shown nor is there an indicator that they exist in this UI. The last step is the issue correct? In this modal I do see a warning that says "A default pull Secret exists, but can't be parsed. Saving this will overwrite it.", but again it doesn't let me know that other entries exist. If I do make a change (change the email for example), and then look at the secrets (using methods described below), only the first entry is shown and the other entries( quay.io and registry.connect.redhat.com in my example) are now missing. Some related notes: There is a way to see all the entries if I go to Workloads > Secrets and then choose my secret. Under actions, choose "Edit secret" and on the next screen, all three entries are shown. I was also able to see all of my entires if I use the CLI (oc get secret kkd-test-secrets -n kkd-test -o yaml | grep " .docker" | cut -d: -f2 | base64 -d) OR go to the secret YAML and decode the .dockerconfigjson entry.
>> - When I click on that link, I get a modal that only shows the cloud.openshift.com entry That's exactly the issue. I would expect to see all three credentials in the modal (not only the first one) or at least a warning about "the default secret contains more than one credentias, review them in the Workloads -> Secrets section". Does it makes sense? Either list all the credentials in the modal or warn the users about other credentials in the secret not being listed.
(In reply to Sergio G. from comment #2) > >> - When I click on that link, I get a modal that only shows the cloud.openshift.com entry > That's exactly the issue. I would expect to see all three credentials in the > modal (not only the first one) or at least a warning about "the default > secret contains more than one credentias, review them in the Workloads -> > Secrets section". > > Does it makes sense? Either list all the credentials in the modal or warn > the users about other credentials in the secret not being listed. Sounds good and thanks for clarifying.
Because the number of credentials per secret could be large, listing them all in the modal may not be ideal because it may require scrolling within the modal. Wondering if having an additional warning on the modal is the better immediate approach. The connected PR takes this approach.
- Created a config.json with entries to multiple registries, such as "cloud.openshif.com", "quay.io", "registry.connect.redhat.com" and "registry.redhat.io" {"auths":{"cloud.openshift.com":{"auth":"xxxxx","email":"yapei"},"quay.io":{"auth":"xxxx","email":"yapei"},"registry.connect.redhat.com":{"auth":"xxx","email":"yapei"},"registry.redhat.io":{"auth":"xxxx","email":"yapei"}}} - Create a new project, on my project details page, click on "Not configured" link under the "Default pull secret" section - Choose the "Upload Docker config.json" option and selected my file created in the first step. - Click on save. - When I go to the project details under the "Default pull secret" header there is a resource link that has the name of my default secret - When I click on that link, I was redirected to the secret details page instead of opening a modal, click 'Reveal values' will show all the credentials of registries. Also the "Save" button will be disabled if user is selecting to upload and hasn't uploaded a file or if the uploaded file is badly formatted JSON Verified on 4.9.0-0.nightly-2021-07-18-155939
Thanks for the quick solution. Do you think it's possible to backport it to 4.8 and/or 4.7?
We can backport to 4.8
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759