Bug 2106116 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as "0abc"
Summary: IngressController spec.tuningOptions.healthCheckInterval validation allows in...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.11
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: ---
: 4.11.0
Assignee: Miciah Dashiel Butler Masters
QA Contact: Shudi Li
URL:
Whiteboard:
Depends On: 2106086
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-07-11 19:21 UTC by OpenShift BugZilla Robot
Modified: 2022-08-10 11:21 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-10 11:20:54 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift api pull 1224 0 None Merged [release-4.11] Bug 2106116: operator/ingress: Fix healthCheckInterval pattern 2022-07-13 17:28:10 UTC
Github openshift cluster-ingress-operator pull 806 0 None open Bug 2106116: Bump openshift/api for healthCheckInterval fix 2022-07-13 17:28:07 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 11:21:09 UTC

Description OpenShift BugZilla Robot 2022-07-11 19:21:24 UTC 
+++ This bug was initially created as a clone of Bug #2106086 +++

Description of problem:

OpenShift 4.11 adds a new API field to IngressController: spec.tuningOptions.healthCheckInterval.  This field has the following validation:

 	// +kubebuilder:validation:Pattern=^0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+$

Note that the left subgroup includes the "^" anchor, and the right subgroup includes the "$" anchor.  The validation should be the following:

 	// +kubebuilder:validation:Pattern=^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$


OpenShift release version:

4.11.0


Cluster Platform:

All platforms.


How reproducible:

Easily.


Steps to Reproduce (in detail):
1. Set a value for spec.tuningOptions.healthCheckInterval with a leading 0 and any arbitrary suffix.


Actual results:

Any value with a leading 0 is accepted:

    % oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge --patch='{"spec":{"tuningOptions":{"healthCheckInterval":"0abc"}}}'
    ingresscontroller.operator.openshift.io/default patched

Expected results:

Only 0 or a number with an optional decimal part and with a unit should be accepted:

    % oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge --patch='{"spec":{"tuningOptions":{"healthCheckInterval":"0abc"}}}'
    The IngressController "default" is invalid: spec.tuningOptions.healthCheckInterval: Invalid value: "0abc": spec.tuningOptions.healthCheckInterval in body should match '^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$'


Impact of the problem:

Users can set invalid values.


Additional info:

This API field is new in OpenShift 4.11.0.
Comment 4 Hongan Li 2022-07-14 08:17:38 UTC 
verified with 4.11.0-0.ci-2022-07-13-194139 and passed

$ oc get clusterversion
NAME      VERSION                         AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.11.0-0.ci-2022-07-13-194139   True        False         65m     Cluster version is 4.11.0-0.ci-2022-07-13-194139


$ oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge --patch='{"spec":{"tuningOptions":{"healthCheckInterval":"0abc"}}}'
The IngressController "default" is invalid: spec.tuningOptions.healthCheckInterval: Invalid value: "0abc": spec.tuningOptions.healthCheckInterval in body should match '^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$'
Comment 6 errata-xmlrpc 2022-08-10 11:20:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069
Note You need to log in before you can comment on or make changes to this bug.