Bug 2126694 - [KMIP][UI] Incomplete KMS details for Thales is listed under existing KMS connections during SC creation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: management-console
Version: 4.12
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: ODF 4.12.0
Assignee: Sanjal Katiyar
QA Contact: Rachael
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-09-14 09:23 UTC by Rachael
Modified: 2023-08-09 16:46 UTC

Fixed In Version: 4.12.0-74
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-02-08 14:06:28 UTC
Embargoed:



Description Rachael 2022-09-14 09:23:21 UTC
Description of problem (please be detailed as possible and provide log
snippets):

In ODF 4.12, while creating an encrypted RBD storageclass, under "Choose existing KMS connection", the KMS config listed for the Thales (using KMIP) provider shows connection details which do not have the Unique Identifier required for PV encryption using KMIP.

The csi-kms-connection-detail configmap from where this connection detail is listed in the UI was created during deployment using the inputs given for clusterwide encryption using Thales (KMIP), which does not require the unique identifier to be provided.

We can either not create this configmap during deployment or check for complete/required parameters in the connection details before listing them in the UI.


Version of all relevant components (if applicable):
---------------------------------------------------
ODF: odf-operator.v4.12.0    full_version=4.12.0-50
OCP: 4.12.0-0.nightly-2022-09-08-114806



Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?

The user may use this existing connection detail to create a storageclass and a PVC, which would ultimately fail, since the unique identifier for the Key is missing.



Is there any workaround available to the best of your knowledge?
Manually editing the configmap via CLI or creating a new connection detail

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
2

Is this issue reproducible?
Yes

Can this issue reproduce from the UI?
Yes

If this is a regression, please provide more details to justify this:
No

Steps to Reproduce:
-------------------

1. Deploy an ODF 412 cluster with clusterwide encryption enabled using Thales KMIP
2. Create an encrypted RBD storageclass from the UI:
   Storage -> StorageClasses -> Create StorageClass
3. Select RBD provisioner from the list of provisioners
4. Click on enable encryption -> Choose existing KMS connection
5. Select Thales (using KMIP) as the provider
6. Under Key service select the existing connection listed
7. Create the storageclass
8. Create a PVC using the storageclass


Actual results:
---------------
PVC creation will fail, since the Unique Identifier is missing

Expected results:
-----------------
The connection details should be filtered out so that only valid entries are listed.
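
The completeness check proposed in the description, sketched as an added example; it is not code from the ODF console or from this bug's fix. It assumes each value in the csi-kms-connection-details configmap is a JSON string, and the key names (`KMS_PROVIDER`, `KMIP_ENDPOINT`, `KMIP_SECRET_NAME`, `UNIQUE_IDENTIFIER`), the provider value `kmip` and all sample values are assumptions made for illustration.

```typescript
// Added example. Key names and the "kmip" provider value are assumptions,
// not taken from the ODF console source.
type Details = Record<string, unknown>;
interface Verdict { name: string; usable: boolean; reason: string; }

// Hypothetical per-provider keys that PV (StorageClass) encryption needs.
const REQUIRED_FOR_PV: Record<string, string[]> = {
  kmip: ["KMIP_ENDPOINT", "KMIP_SECRET_NAME", "UNIQUE_IDENTIFIER"],
};

// Validate one configmap entry: `raw` is the JSON string stored under `name`.
function checkConnection(name: string, raw: string): Verdict {
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    return { name, usable: false, reason: "not valid JSON" };
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return { name, usable: false, reason: "not a JSON object" };
  }
  const details = parsed as Details;
  const provider = typeof details["KMS_PROVIDER"] === "string" ? details["KMS_PROVIDER"] : "";
  // hasOwnProperty guards against provider names such as "constructor".
  const required = Object.prototype.hasOwnProperty.call(REQUIRED_FOR_PV, provider)
    ? REQUIRED_FOR_PV[provider]
    : undefined;
  if (required === undefined) {
    return { name, usable: false, reason: "unknown or missing KMS_PROVIDER" };
  }
  const missing = required.filter((key) => {
    const value = details[key];
    return typeof value !== "string" || value.trim() === "";
  });
  return missing.length === 0
    ? { name, usable: true, reason: "" }
    : { name, usable: false, reason: "missing " + missing.join(", ") };
}

// Only entries that pass the check are offered under "Choose existing KMS connection".
function listUsable(data: Record<string, string>): string[] {
  return Object.keys(data).filter((name) => checkConnection(name, String(data[name])).usable);
}

// Constructed sample entries: one created for clusterwide encryption, one complete, one corrupt.
const base = { KMS_PROVIDER: "kmip", KMIP_ENDPOINT: "kmip.example.test:5696", KMIP_SECRET_NAME: "example-secret" };
const CLUSTERWIDE = JSON.stringify(base);
const COMPLETE = JSON.stringify({ ...base, UNIQUE_IDENTIFIER: "EXAMPLE-KEY-ID" });
const sampleData: Record<string, string> = { "clusterwide-thales": CLUSTERWIDE, "pv-thales": COMPLETE, broken: "{not json" };
```

Returning a reason for each rejected entry lets the UI or a log line say why a connection was hidden instead of dropping it silently.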

