Bug 2024681 - Default Noobaa install creates wide open AWS Security groups
Summary: Default Noobaa install creates wide open AWS Security groups
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: Multi-Cloud Object Gateway
Version: 4.8
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ODF 4.12.0
Assignee: Utkarsh Srivastava
QA Contact: krishnaram Karthick
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-11-18 16:38 UTC by etsmith@redhat.com
Modified: 2023-12-08 04:26 UTC (History)
9 users (show)

Fixed In Version: 4.12.0-55
Doc Type: Enhancement
Doc Text:
Previously, default NooBaa install created unrestricted AWS security groups during deployment. With this update, support for controlling LoadBalancer source subnet is added.
Clone Of:
Environment:
Last Closed: 2023-01-31 00:19:18 UTC
Embargoed:

Attachments (Terms of Use)
aws sg screenshot (157.61 KB, image/png)
2021-11-18 16:38 UTC, etsmith@redhat.com 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Github noobaa noobaa-operator pull 941 0 None open Add support for controlling LoadBalancer source subnet 2022-06-16 10:55:01 UTC
Red Hat Product Errata RHBA-2023:0551 0 None None None 2023-01-31 00:19:42 UTC

Description etsmith@redhat.com 2021-11-18 16:38:21 UTC 
Created attachment 1842613 [details]
aws sg screenshot

Description of problem (please be detailed as possible and provide log
snippests):

Default OCS/ODF Operator install creates AWS SGs with 0.0.0.0/0 inbound rules. 
Version of all relevant components (if applicable):

OCP 4.8.18
OCS 4.8.2

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?

No, AWS SG rules can be edited after the fact. 
Is there any workaround available to the best of your knowledge?


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?

1
Can this issue reproducible?

Yes
Can this issue reproduce from the UI?
Yes

If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1. Install OCS/ODF 4.8 w/ Noobaa
2. AWS SG gets created w/ wide open rules
3.


Actual results:
AWS SG gets created w/ wide open rules

Expected results:
AWS SG gets created w/ rules locked down to VPC CIDR (at least)

Additional info:
Comment 2 Nimrod Becker 2021-12-01 07:36:24 UTC 
Moving to 4.10, will backport to 4.9.z if needed
Comment 16 Nimrod Becker 2023-01-30 17:37:56 UTC 
ack
Comment 18 errata-xmlrpc 2023-01-31 00:19:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenShift Data Foundation 4.12.0 enhancement and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0551
Comment 19 Red Hat Bugzilla 2023-12-08 04:26:45 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days
Note You need to log in before you can comment on or make changes to this bug.