Bug 2117474
| Summary: | ccoctl panics while trying to create a secret from credential request which does not have providerspec within it | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Karthik K N <kabhat> |
| Component: | Cloud Credential Operator | Assignee: | Nobody <nobody> |
| Status: | CLOSED ERRATA | QA Contact: | Jianping SHu <jshu> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 4.12 | CC: | mkumatag |
| Target Milestone: | --- | | |
| Target Release: | 4.12.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2023-01-17 19:54:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Reproduced with the above cr.yaml (wrong indent for providerSpec) and old version ccoctl
[cloud-user@preserve-for-hive-test ]$ ccoctl ibmcloud create-service-id --name jshu-service1 --credentials-requests-dir ./reqs
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc3bb6e]
goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0x203000?, 0xc00087bb38?, {0x238d840?, 0xc00029b800?})
/go/src/github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x2e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud.(*ServiceID).Validate(0xc00029a600)
/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud/service_id.go:89 +0x79
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud.createServiceIDs({0x23a1a70?, 0xc0006ff290}, 0xc0007c61a0, {0x7ffc0a43419e, 0xd}, {0x0?, 0xc00061fd90?}, {0x7ffc0a4341c7, 0x6}, {0xc0000440c4, ...}, ...)
/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud/create_service_id.go:118 +0x39e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud.createServiceIDCmd(0xc000704000?, {0x1fd52c4?, 0x4?, 0x4?})
/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud/create_service_id.go:81 +0x19c
github.com/spf13/cobra.(*Command).execute(0xc000704000, {0xc000454e80, 0x4, 0x4})
/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006c3680)
/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
/go/src/github.com/openshift/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x12f
Verified with the above cr.yaml (wrong indent for providerSpec) and new version ccoctl extracted from 4.12.0-0.nightly-2022-08-11-131011
[cloud-user@preserve-for-hive-test ]$ ./ccoctl ibmcloud create-service-id --name jshu-service1 --credentials-requests-dir ./reqs
Error: Failed to validate the serviceID: Spec.ProviderSpec is empty in credentials request
Usage:
ccoctl ibmcloud create-service-id [flags]
Flags:
--credentials-requests-dir string Directory containing files of CredentialsRequests to create IAM Roles for (can be created by running 'oc adm release extract --credentials-requests --cloud=ibmcloud' against an OpenShift release image)
--enable-tech-preview Opt into processing CredentialsRequests marked as tech-preview
-h, --help help for create-service-id
--name string User-defined name for all created IBM Cloud resources (can be separate from the cluster's infra-id)
--output-dir string Directory to place generated files (defaults to current directory)
--resource-group-name string Name of the resource group used for scoping the access policies
2022/08/11 10:10:12 Failed to validate the serviceID: Spec.ProviderSpec is empty in credentials request
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399
Description of problem:
ccoctl binary panics while creating a secret from CR.

Version-Release number of selected component (if applicable):
4.12

How reproducible:
Try creating a secret from credential request file which does not have providerspec within it or which is wrongly indented.

Sample credential request file
[root@rdr-mdnnew2-6fc4-syd04-bastion-0 ccoctl]# cat reqs/cr.yaml
apiVersion: cloudcredential.openshift.io/v1 kind: CredentialsRequest metadata: name: powervs-block-csi-driver-operator namespace: openshift-cloud-credential-operator annotations: include.release.openshift.io/self-managed-high-availability: "true" spec: secretRef: name: ibm-powervs-cloud-credentials namespace: openshift-cluster-csi-drivers providerSpec: apiVersion: cloudcredential.openshift.io/v1 kind: IBMCloudPowerVSProviderSpec policies: - attributes: - name: serviceName value: power-iaas roles: - crn:v1:bluemix:public:iam::::role:Operator - crn:v1:bluemix:public:iam::::role:Editor - crn:v1:bluemix:public:iam::::role:Viewer - crn:v1:bluemix:public:iam::::serviceRole:Reader - crn:v1:bluemix:public:iam::::serviceRole:Manager - attributes: - name: resourceType value: resource-group roles: - crn:v1:bluemix:public:iam::::role:Viewer

Panic Message:
[root@rdr-mdnnew2-6fc4-syd04-bastion-0 ccoctl]# ./main ibmcloud create-service-id --name service1 --credentials-requests-dir reqs
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x7c2a44]
goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0x629f8?, 0x0?, {0x1f23868?, 0xc0001a0a80?})
/root/cso/cco/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x54
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud.(*ServiceID).Validate(0xc000033b60)
/root/cso/cco/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud/service_id.go:89 +0x74
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud.createServiceIDs({0x1f382e8?, 0xc00079e0c0}, 0xc000430bf0, {0x7fffcfe2f569, 0x8}, {0x0?, 0xc000767ee8?}, {0x7fffcfe2f58d, 0x4}, {0xc000044104, ...}, ...)
/root/cso/cco/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud/create_service_id.go:118 +0x198
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud.createServiceIDCmd(0xc000791900?, {0x1b584f5?, 0x4?, 0x4?})
/root/cso/cco/cloud-credential-operator/pkg/cmd/provisioning/ibmcloud/create_service_id.go:81 +0x17c
github.com/spf13/cobra.(*Command).execute(0xc000791900, {0xc000543ec0, 0x4, 0x4})
/root/cso/cco/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x56c
github.com/spf13/cobra.(*Command).ExecuteC(0xc00075d180)
/root/cso/cco/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x36c
github.com/spf13/cobra.(*Command).Execute(...)
/root/cso/cco/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
/root/cso/cco/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x100
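
The failure mode in this report, reduced to a self-contained Go sketch (an added example, not the project's code): a misplaced `providerSpec` key leaves the pointer field nil, and decoding it without a guard panics, while a guard returns the error text seen in the verified run. The type shapes, the JSON stand-in for the YAML file, and the nesting of `providerSpec` under `secretRef` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Simplified stand-ins for the CredentialsRequest types (assumed shapes).
type CredentialsRequest struct {
	Spec struct{ ProviderSpec *json.RawMessage `json:"providerSpec"` } `json:"spec"`
}
type ProviderSpec struct{ Kind string `json:"kind"` }
var ErrEmptyProviderSpec = errors.New("Spec.ProviderSpec is empty in credentials request")

// Constructed samples: in "misplaced", providerSpec is nested under secretRef.
const good = `{"spec":{"secretRef":{"name":"s"},"providerSpec":{"kind":"IBMCloudPowerVSProviderSpec"}}}`
const misplaced = `{"spec":{"secretRef":{"name":"s","providerSpec":{"kind":"IBMCloudPowerVSProviderSpec"}}}}`

func parse(doc string) (*CredentialsRequest, error) {
	cr := &CredentialsRequest{}
	return cr, json.Unmarshal([]byte(doc), cr)
}

// decodeUnchecked dereferences the pointer unconditionally, like the crashing path.
func decodeUnchecked(cr *CredentialsRequest) (ps ProviderSpec, err error) {
	err = json.Unmarshal(*cr.Spec.ProviderSpec, &ps)
	return ps, err
}

// decodeChecked rejects a missing providerSpec before touching the pointer.
func decodeChecked(cr *CredentialsRequest) (ps ProviderSpec, err error) {
	if cr == nil || cr.Spec.ProviderSpec == nil {
		return ps, ErrEmptyProviderSpec
	}
	return decodeUnchecked(cr)
}

func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	cr, _ := parse(misplaced)
	fmt.Println("unchecked panics:", panics(func() { decodeUnchecked(cr) }))
	fmt.Println(decodeChecked(cr))
}
```

The misplaced document still parses without error, which is why the nil check has to live in validation rather than in the parser.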