Bug 2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets
Summary: oc set data --dry-run=server makes persistent changes to configmaps and secrets
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.10.0
Assignee: Maciej Szulik
QA Contact: zhou ying
URL:
Whiteboard:
Depends On:
Blocks: 2038930
TreeView+ depends on / blocked
 
Reported: 2021-12-23 21:25 UTC by Mridul Markandey
Modified: 2022-03-11 18:15 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: --dry-run flag wasn't properly used for several oc set sub commands. Consequence: --dry-run=server was performing updates to resources. Fix: Properly wire --dry-run flag such that commands send that information to the server. Result: oc set sub commands are working as expected.
Clone Of:
: 2038930 (view as bug list)
Environment:
Last Closed: 2022-03-11 18:15:11 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 1010 0 None open Bug 2035393: properly handle --dry-run=server 2022-01-03 15:22:32 UTC

Description Mridul Markandey 2021-12-23 21:25:49 UTC
Description of problem:
When we use --dry-run=server with oc commands, then it means to submit the server-side requests without persisting the resource. However, when we tried to modify the config maps/secrets using --dry-run=server, the changes were made persistently.
 
Version-Release number of selected component (if applicable):
RHOCP v4.7.37

How reproducible:
I have tried to reproduce the same on my test cluster and I have tested it on config maps and secrets. The results are the same. 

Steps to Reproduce:

1.$ oc create configmap cm-testing --from-literal=name=abc
configmap/cm-testing created

  $ oc get cm cm-testing -oyaml
~~~
apiVersion: v1
data:
  name: abc
kind: ConfigMap
metadata:
  creationTimestamp: "2021-12-16T02:55:19Z"
  name: cm-testing
  namespace: mridul
  resourceVersion: "4973134"
  uid: 0f0a1052-059d-49f2-95e8-e8fad775161b
~~~

2.[ When used dry-run=client ] 

  $ oc set data cm/cm-testing --from-literal=name=def --dry-run=client
configmap/cm-testing data updated (dry run)
You have new mail in /var/spool/mail/quicklab

  $ oc get cm cm-testing -oyaml
~~~
apiVersion: v1
data:
  name: abc
kind: ConfigMap
metadata:
  creationTimestamp: "2021-12-16T02:55:19Z"
  name: cm-testing
  namespace: mridul
  resourceVersion: "4973134"
  uid: 0f0a1052-059d-49f2-95e8-e8fad775161b
~~~

3. [ When used dry-run=server ]

  $ oc set data cm/cm-testing --from-literal=name=def --dry-run=server
configmap/cm-testing data updated (server dry run)

  $ oc get cm cm-testing -oyaml
~~~
apiVersion: v1
data:
  name: def   >>>>>>>>>>>>>>>>>>>> The data changes persistently
kind: ConfigMap
metadata:
  creationTimestamp: "2021-12-16T02:55:19Z"
  name: cm-testing
  namespace: mridul
  resourceVersion: "4975721"
  uid: 0f0a1052-059d-49f2-95e8-e8fad775161b
~~~

Actual results:
The data of the config map changed persistently when used --dry-run=server. 

Expected results:
The data should not get changed persistently.

Additional info:
I have tested the same on the secrets resource and as specified above, the secret data also got modified on the fly.

Comment 1 Mridul Markandey 2022-01-04 03:22:12 UTC
Hello Team,

There is one more update that I would like to share with you. The customer also tested the same on RHCOP v4.8 and the same bug exists there as well, which we have to fix.
~~~
Client Version: 4.8.0-202111041632.p0.git.88e7eba.assembly.stream-88e7eba
Server Version: 4.8.24
~~~

Regards,
Mridul Markandey

Comment 4 zhou ying 2022-01-06 02:45:47 UTC
Confirmed with latest oc , the issue can't reproduce now:

[root@localhost ~]# oc version --client
Client Version: 4.10.0-202201041327.p0.g080f0de.assembly.stream-080f0de



[root@localhost ~]# oc get cm cm-testing -o yaml
apiVersion: v1
data:
  name: abc
kind: ConfigMap
metadata:
  creationTimestamp: "2022-01-06T02:33:57Z"
  name: cm-testing
  namespace: test1
  resourceVersion: "77236"
  uid: 995b4044-4375-4796-83f5-f3bd72bc3331
[root@localhost ~]# oc set data cm/cm-testing --from-literal=name=def --dry-run=client
configmap/cm-testing data updated (dry run)
[root@localhost ~]# oc get cm cm-testing -o yaml
apiVersion: v1
data:
  name: abc
kind: ConfigMap
metadata:
  creationTimestamp: "2022-01-06T02:33:57Z"
  name: cm-testing
  namespace: test1
  resourceVersion: "77236"
  uid: 995b4044-4375-4796-83f5-f3bd72bc3331
[root@localhost ~]# oc set data cm/cm-testing --from-literal=name=def --dry-run=server
configmap/cm-testing data updated (server dry run)
[root@localhost ~]# oc get cm cm-testing -o yaml
apiVersion: v1
data:
  name: abc
kind: ConfigMap
metadata:
  creationTimestamp: "2022-01-06T02:33:57Z"
  name: cm-testing
  namespace: test1
  resourceVersion: "77236"
  uid: 995b4044-4375-4796-83f5-f3bd72bc3331





[root@localhost ~]#  oc create secret generic my-secret --from-literal=key1=supersecret
secret/my-secret created
[root@localhost ~]# oc get secret my-secret -o yaml 
apiVersion: v1
data:
  key1: c3VwZXJzZWNyZXQ=
kind: Secret
metadata:
  creationTimestamp: "2022-01-06T02:40:56Z"
  name: my-secret
  namespace: test1
  resourceVersion: "79412"
  uid: c9f25d0f-85b0-4b9f-99fe-6f94f61f95f7
type: Opaque

[root@localhost ~]# oc set data secret/my-secret --from-literal=key1=testset  --dry-run='client' 
secret/my-secret data updated (dry run)
[root@localhost ~]# oc get secret my-secret -o yaml
apiVersion: v1
data:
  key1: c3VwZXJzZWNyZXQ=
kind: Secret
metadata:
  creationTimestamp: "2022-01-06T02:40:56Z"
  name: my-secret
  namespace: test1
  resourceVersion: "79412"
  uid: c9f25d0f-85b0-4b9f-99fe-6f94f61f95f7
type: Opaque
[root@localhost ~]# oc set data secret/my-secret --from-literal=key1=testset  --dry-run='server' 
secret/my-secret data updated (server dry run)
[root@localhost ~]# oc get secret my-secret -o yaml
apiVersion: v1
data:
  key1: c3VwZXJzZWNyZXQ=
kind: Secret
metadata:
  creationTimestamp: "2022-01-06T02:40:56Z"
  name: my-secret
  namespace: test1
  resourceVersion: "79412"
  uid: c9f25d0f-85b0-4b9f-99fe-6f94f61f95f7
type: Opaque

Comment 6 Mridul Markandey 2022-01-21 08:25:42 UTC
Hello Team,

As this Bugzilla is going to be resolved for OpenShift version 4.10, So do you have any information if this will be backported to OCPv4.9 and OCP v4.8?

Appreciate your quick response.

---
Regards,
Mridul Markandey

Comment 7 Maciej Szulik 2022-01-21 15:41:10 UTC
(In reply to Mridul Markandey from comment #6)
> Hello Team,
> 
> As this Bugzilla is going to be resolved for OpenShift version 4.10, So do
> you have any information if this will be backported to OCPv4.9 and OCP v4.8?

Yes, backports are on the way, see the list of blocked bugzillas linked to this.


Note You need to log in before you can comment on or make changes to this bug.