Uploaded image for project: 'Cluster Observability Operator'
  1. Cluster Observability Operator
  2. COO-1260

ObservabilityInstaller CR accepts multiple storage backends in objectStorage without validation error

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • cluster-observability
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Summary

        The ObservabilityInstaller CRD currently allows multiple storage backends to be specified simultaneously in the `spec.capabilities.tracing.storage.objectStorage` field without proper validation. This configuration should be rejected with a validation error.

      Current Behavior

      When creating an ObservabilityInstaller CR with multiple storage backends specified (e.g., both Azure and S3), the CR is accepted and created successfully. The system appears to use one of the storage configurations (possibly the last one or following some precedence order) without warning the user about the invalid configuration.

      Expected Behavior

       The CR creation should fail with a validation error when multiple storage backends are specified in the objectStorage configuration. Only one storage backend should be allowed at a time.

      Reproduction Steps

        1. Create an ObservabilityInstaller CR with the following configuration:

        apiVersion: observability.openshift.io/v1alpha1
  kind: ObservabilityInstaller
  metadata:
    name: test-s3-storage
  spec:
    capabilities:
      tracing:
        enabled: true
        operators:
          install: true
        storage:
          objectStorage:
            azure:
              accountName: "ikansetempo"
              container: "ikansecntr"
              accountKeySecret:
                name: "azure-secret"
                key: "account_key"
            s3:
              accessKeyID: "REDACTED"
              accessKeySecret:
                name: "s3-secret"
                key: "access_key_secret"
              bucket: "ikanse-tempostack-s3"
              endpoint: "https://s3.us-east-2.amazonaws.com"
              region: "us-east-2"

        2. Observe that the CR is created successfully instead of being rejected

        Impact{}

        - Users may unknowingly create invalid configurations

        - Potential runtime issues or unexpected behavior when the system attempts to use multiple storage backends

        - Configuration drift and debugging difficulties

        Proposed Solution{}

       Add CEL validation rules to the ObservabilityInstaller CRD to ensure that only one storage backend is specified at a time in the objectStorage configuration. This should be added to the x-kubernetes-validations section similar to the existing TLS validation rule.

              ploffay@redhat.com Pavol Loffay
              rhn-support-ikanse Ishwar Kanse
              None
              None
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: