Bug 2118625 - [Nutanix] ccoctl panics if nutanix credentials source file and openshift credentials requests files are in the same directory
Summary: [Nutanix] ccoctl panics if nutanix credentials source file and openshift cred...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Credential Operator
Version: 4.11
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.12.0
Assignee: Sid Shukla
QA Contact: Jianping SHu
URL:
Whiteboard:
Depends On:
Blocks: 2118680
TreeView+ depends on / blocked
 
Reported: 2022-08-16 09:47 UTC by Sid Shukla
Modified: 2023-01-17 19:55 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-01-17 19:54:55 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cloud-credential-operator pull 485 0 None open Bug 2118625: Refactor Nutanix plugin to use external credentials structs 2022-08-16 09:54:40 UTC
Red Hat Product Errata RHSA-2022:7399 0 None None None 2023-01-17 19:55:07 UTC

Description Sid Shukla 2022-08-16 09:47:43 UTC
ccoctl on Nutanix crashes with a panic if the credentials requests manifests (YAML) and nutanix credentials source (also YAML) happen to be in the same directory. 

```
ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=pccred.yaml

2022/07/29 03:59:48 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc3bb0e]

goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0xc00022d600?, 0x7fff970266ce?, {0x238a4d8?, 0xc000146600?})
        /go/src/github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x2e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.processCredReq(0xc00022da00, {0x7fff970266ce, 0x1}, 0x60?)
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:220 +0x85
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecrets({0x7fff970266bf, 0x1}, {0x7fff970266ce, 0x1}, 0xc00000eb10?, 0x32?)
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:182 +0x18d
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecretsCmd(0xc000712c80?, {0x1fd52e4?, 0x3?, 0x3?})
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:131 +0x379
github.com/spf13/cobra.(*Command).execute(0xc000712c80, {0xc0006f1f20, 0x3, 0x3})
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006eb180)
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
        /go/src/github.com/openshift/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x12f
```

Comment 2 Mingxia Huang 2022-08-18 02:15:23 UTC
Reproduced with the old version ccoctl.
1.Extract ccoctl from  RELEASE_IMAGE=registry.ci.openshift.org/ocp/release:4.11.0-0.nightly-2022-08-17-010007
2.Create secret with nutanix credentials source.
$ ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=creds.yaml
2022/08/17 05:15:06 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc3bb6e]

goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0xc00022f800?, 0x7fffa8a721b7?, {0x238a4d8?, 0xc000089c40?})
	/go/src/github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x2e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.processCredReq(0xc00022fc00, {0x7fffa8a721b7, 0x1}, 0xc0?)
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:220 +0x85
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecrets({0x7fffa8a721a8, 0x1}, {0x7fffa8a721b7, 0x1}, 0xc00000e960?, 0x32?)
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:182 +0x18d
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecretsCmd(0xc000700f00?, {0x1fd52c4?, 0x3?, 0x3?})
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:131 +0x379
github.com/spf13/cobra.(*Command).execute(0xc000700f00, {0xc0006fafc0, 0x3, 0x3})
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006d5400)
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
	/go/src/github.com/openshift/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x12f

Verified with the new version ccoctl .
1.Extract ccoctl from RELEASE_IMAGE=registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2022-08-17-012756
2.Create secrets with nutanix credentials source.
$ ./ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=creds.yaml
2022/08/17 05:19:48 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
3.Check if this secret is correct.
$ oc create -f manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
secret/nutanix-credentials created
$ oc get secret -A | grep nutanix-credentials 
openshift-machine-api                              nutanix-credentials                                               Opaque                                1      34s
4.Base64 decodeing the credentials to check if secret nutanix-credentials is same with creds.yaml file.

Comment 5 errata-xmlrpc 2023-01-17 19:54:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399


Note You need to log in before you can comment on or make changes to this bug.