Bug 2070562 - Base64 data value for java keystore secret changing automatically, when we edit it from the console and saving it without doing any changes
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.9
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: ---
Target Release: 4.12.0
Assignee: Jakub Hadvig
QA Contact: Xiyun Zhao
Reported: 2022-03-31 12:46 UTC by Mayur Deore
Modified: 2023-01-17 19:48 UTC

Doc Type: No Doc Update
Last Closed: 2023-01-17 19:48:11 UTC

Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 11890 0 None open Bug 2070562: Base64 data value for java keystore secret changing auto… 2022-07-27 18:16:52 UTC
Red Hat Product Errata RHSA-2022:7399 0 None None None 2023-01-17 19:48:35 UTC

Description Mayur Deore 2022-03-31 12:46:20 UTC
Description of problem:
A secret created for a Java keystore changes its base64 value inside the secret when we edit that secret from the console and save it again without making any changes.

Version-Release number of selected component (if applicable):
RHOCP 4.9.23


Steps to Reproduce:
1. Create a dummy Java keystore for the test
~~~
$ keytool -genkey -v -keystore original.jks -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
~~~
2. Create a secret on the test project using a java key-store file 
~~~
$ oc create secret generic test1 --from-file=data1=./original.jks
~~~
3. Check the secret, and take a backup.
~~~
$ oc get secret test1 -o yaml > secret1.yaml
~~~
4. Open RHOCP console, go to Workload-->Secret-->Select project-->Click on test1 secret-->Action-->Edit secret-->Save it without changing anything
5. Check the secret again, and compare it with the original one.
~~~
$ oc get secret test1 -o yaml > secret2.yaml
~~~
Actual results:
- The value for key data1 is changing.

Expected results:
- The value for key data1 should remain the same.

Additional info:
- We find similar results when we create secrets directly from the console.

Comment 3 Xiyun Zhao 2022-08-01 08:34:14 UTC
This issue has been verified on payload 4.12.0-0.nightly-2022-07-31-235028; the issue can be reproduced on 4.10.25 and 4.11.0-0.nightly-2022-07-29-173905.

Verification Step: (follow the description)
1. Create a dummy Java keystore for the test
   $ keytool -genkey -v -keystore original.jks -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
2. Create a secret on the test project using a java key-store file 
   $ oc create secret generic test1 --from-file=data1=./original.jks
3. Check the secret, and take a backup.
   $ oc get secret test1 -o yaml > secret1.yaml
4. Open OCP console, Go to Workload-->Secret-->Select project-->Click on test1 secret-->Action-->Edit secret-->Save it without changing anything
   Or go to the Secrets page -> Click the Kebab button of the test1 secret -> choose "Edit secret" -> Save without changing anything
5. Check the secret again, and compare it with the original one. 
   $ oc get secret test1 -o yaml > secret2.yaml
6. $ diff secret1.yaml secret2.yaml
7. Re-create the secrets through UI, repeat steps 3-6 again

Result:
5. The values for key data1 are the same; the data will not change automatically anymore.
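
Added example, not part of the bug report or its comments: `diff` on the two YAML dumps compares text, so metadata such as resourceVersion can show up alongside any change to data1. The script below compares only the decoded bytes of one key; the helper names and the sample dumps are constructed for illustration.

```sh
# Added example (not from the bug report): compare one key of a Secret across
# two `oc get secret -o yaml` dumps by decoded bytes instead of by YAML text.

# secret_key_sha256 FILE KEY: print SHA-256 of the decoded bytes under data.KEY
secret_key_sha256() {
  # Read "  KEY: <base64>" only while inside the top-level "data:" mapping.
  sk_b64=$(awk -v k="$2:" '
    /^data:/ { in_data = 1; next }
    /^[^ ]/  { in_data = 0 }
    in_data && $1 == k { print $2; exit }' "$1")
  [ -n "$sk_b64" ] || return 2   # key missing from the dump
  printf '%s' "$sk_b64" | base64 -d | sha256sum | cut -d' ' -f1
}

# secret_key_unchanged BEFORE AFTER KEY: status 0 if the bytes match,
# 1 if they differ, 2 if the key is missing from either dump
secret_key_unchanged() {
  sk_a=$(secret_key_sha256 "$1" "$3") || return 2
  sk_b=$(secret_key_sha256 "$2" "$3") || return 2
  [ "$sk_a" = "$sk_b" ]
}

# write_sample FILE RESOURCE_VERSION BASE64: constructed stand-in for a dump
write_sample() {
  cat > "$1" <<EOF
apiVersion: v1
data:
  data1: $3
kind: Secret
metadata:
  name: test1
  resourceVersion: "$2"
type: Opaque
EOF
}

# Constructed sample values: the first is the base64 of the 8 bytes
# FE ED FE ED 00 00 00 02 (JKS magic number and version), the second is arbitrary.
sample_dir=$(mktemp -d)
write_sample "$sample_dir/secret1.yaml" 1001 '/u3+7QAAAAI='   # before the edit
write_sample "$sample_dir/same.yaml"    1002 '/u3+7QAAAAI='   # only metadata differs
write_sample "$sample_dir/changed.yaml" 1002 'AAECAwQFBgc='   # data1 altered

secret_key_unchanged "$sample_dir/secret1.yaml" "$sample_dir/same.yaml" data1 \
  && echo "data1 unchanged (a text diff would still flag resourceVersion)"
secret_key_unchanged "$sample_dir/secret1.yaml" "$sample_dir/changed.yaml" data1 \
  || echo "data1 CHANGED"
```

On a real cluster, point the two file arguments at secret1.yaml and secret2.yaml from the steps above.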

Comment 7 errata-xmlrpc 2023-01-17 19:48:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399

