2118680 – [Nutanix] ccoctl panics if nutanix credentials source file and openshift credentials requests files are in the same directory

Bug 2118680 - [Nutanix] ccoctl panics if nutanix credentials source file and openshift credentials requests files are in the same directory

Summary: [Nutanix] ccoctl panics if nutanix credentials source file and openshift cred...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Cloud Credential Operator
Sub Component:
Version:	4.11
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.11.z
Assignee:	Sid Shukla
QA Contact:	Jianping SHu
Docs Contact:
URL:
Whiteboard:
Depends On:	2118625
Blocks:
TreeView+	depends on / blocked

Reported:	2022-08-16 12:26 UTC by OpenShift BugZilla Robot
Modified:	2022-08-29 06:47 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-08-29 06:46:57 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cloud-credential-operator pull 487	0	None	open	[release-4.11] Bug 2118680: Refactor Nutanix plugin to use external credentials structs	2022-08-18 12:12:35 UTC
Red Hat Product Errata	RHBA-2022:6143	0	None	None	None	2022-08-29 06:47:07 UTC

Description OpenShift BugZilla Robot 2022-08-16 12:26:38 UTC

+++ This bug was initially created as a clone of Bug #2118625 +++

ccoctl on Nutanix crashes with a panic if the credentials requests manifests (YAML) and nutanix credentials source (also YAML) happen to be in the same directory. 

```
ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=pccred.yaml

2022/07/29 03:59:48 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc3bb0e]

goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0xc00022d600?, 0x7fff970266ce?, {0x238a4d8?, 0xc000146600?})
        /go/src/github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x2e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.processCredReq(0xc00022da00, {0x7fff970266ce, 0x1}, 0x60?)
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:220 +0x85
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecrets({0x7fff970266bf, 0x1}, {0x7fff970266ce, 0x1}, 0xc00000eb10?, 0x32?)
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:182 +0x18d
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecretsCmd(0xc000712c80?, {0x1fd52e4?, 0x3?, 0x3?})
        /go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:131 +0x379
github.com/spf13/cobra.(*Command).execute(0xc000712c80, {0xc0006f1f20, 0x3, 0x3})
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006eb180)
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
        /go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
        /go/src/github.com/openshift/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x12f
```

Comment 1 Mingxia Huang 2022-08-17 10:12:33 UTC

Reproduced with the old version ccoctl.
1.Extract ccoctl from  RELEASE_IMAGE=registry.ci.openshift.org/ocp/release:4.11.0-0.nightly-2022-08-17-010007
2.Create secret with nutanix credentials source.
$ ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=creds.yaml
2022/08/17 05:15:06 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc3bb6e]

goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0xc00022f800?, 0x7fffa8a721b7?, {0x238a4d8?, 0xc000089c40?})
	/go/src/github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x2e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.processCredReq(0xc00022fc00, {0x7fffa8a721b7, 0x1}, 0xc0?)
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:220 +0x85
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecrets({0x7fffa8a721a8, 0x1}, {0x7fffa8a721b7, 0x1}, 0xc00000e960?, 0x32?)
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:182 +0x18d
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecretsCmd(0xc000700f00?, {0x1fd52c4?, 0x3?, 0x3?})
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:131 +0x379
github.com/spf13/cobra.(*Command).execute(0xc000700f00, {0xc0006fafc0, 0x3, 0x3})
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006d5400)
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
	/go/src/github.com/openshift/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x12f

Verified with the new version ccoctl .
1.Extract ccoctl from RELEASE_IMAGE=registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2022-08-17-012756
2.Create secrets with nutanix credentials source.
$ ./ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=creds.yaml
2022/08/17 05:19:48 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
3.Check if this secret is correct.
$ oc create -f manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
secret/nutanix-credentials created
$ oc get secret -A | grep nutanix-credentials 
openshift-machine-api                              nutanix-credentials                                               Opaque                                1      34s
4.Base64 decodeing the credentials to check if secret nutanix-credentials is same with creds.yaml file.

Comment 3 Mingxia Huang 2022-08-23 10:34:09 UTC

Reproduced with the old version ccoctl.
1.Extract ccoctl from  RELEASE_IMAGE=registry.ci.openshift.org/ocp/release:4.10.0-0.nightly-2022-08-23-003356
2.Create secret with nutanix credentials source.
$ ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=creds.yaml
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc3bb6e]

goroutine 1 [running]:
github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1.(*ProviderCodec).DecodeProviderSpec(0xc00061fbb8?, 0x2386800?, {0x238a4d8?, 0xc000089500?})
	/go/src/github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1/codec.go:69 +0x2e
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.processCredReq(0xc00020fa00, {0x7ffe5ab151c4, 0x1}, 0xc0?)
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:220 +0x85
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecrets({0x7ffe5ab151b5, 0x1}, {0x7ffe5ab151c4, 0x1}, 0xc00000e9f0?, 0x32?)
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:182 +0x18d
github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix.createSecretsCmd(0xc0006cdb80?, {0x1fd52c4?, 0x3?, 0x3?})
	/go/src/github.com/openshift/cloud-credential-operator/pkg/cmd/provisioning/nutanix/create_shared_secrets.go:131 +0x379
github.com/spf13/cobra.(*Command).execute(0xc0006cdb80, {0xc0006c8e40, 0x3, 0x3})
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:856 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0006b4280)
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
	/go/src/github.com/openshift/cloud-credential-operator/vendor/github.com/spf13/cobra/command.go:902
main.main()
	/go/src/github.com/openshift/cloud-credential-operator/cmd/ccoctl/main.go:27 +0x12f


Verified with the new version ccoctl .
1.Extract ccoctl from RELEASE_IMAGE=registry.ci.openshift.org/ocp/release:4.11.0-0.nightly-2022-08-23-050348
2.Create secrets with nutanix credentials source.
$ ./ccoctl nutanix create-shared-secrets --credentials-requests-dir=. --output-dir=. --credentials-source-filepath=creds.yaml
2022/08/23 06:28:04 Saved credentials configuration to: manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
3.Check if this secret is correct.
$ oc create -f manifests/openshift-machine-api-nutanix-credentials-credentials.yaml
secret/nutanix-credentials created
$ oc get secret -A | grep nutanix-credentials
openshift-machine-api                              nutanix-credentials                                             Opaque                                1      17s
4.Base64 decodeing the credentials to check if secret nutanix-credentials is same with creds.yaml file.

Comment 6 errata-xmlrpc 2022-08-29 06:46:57 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.11.2 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:6143

Note You need to log in before you can comment on or make changes to this bug.