Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: OADP 1.2.4
Affects Version/s: OADP 1.2.3
Component/s: Documentation
Labels:
- needs-rh-qe
- triaged

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
QEStatus:
ToDo
Regression:
No
Intelligence Requested:
Market:

Cost of Delay:
0
WSJF:
0
Risk Probability:
Very Likely
Risk Score:
0

Workstream:

None

Root Cause:
Unset
Failure Category:
Unknown

SFDC Cases Links:
SFDC Cases Counter:

Description of problem:

When we patch the cloud-credentials secret with empty data for the key "cloud", DPA does not reconcile and reconciles successfully.

Version-Release number of selected component (if applicable):

OADP 1.2.3

Note: The issue is not visible in OADP 1.3.0

Also, to mention , the issue looks to be reported previously in https://issues.redhat.com/browse/OADP-171 but the ticket is CLOSED as Obsolete. Not sure if it was fixed in 1.2.x anytime before.

How reproducible:

Always

Steps to Reproduce:
1. Create cloud-credentials-gcp with the correct credentials.
2. Create DPA

- apiVersion: oadp.openshift.io/v1alpha1
  kind: DataProtectionApplication
  metadata:
    creationTimestamp: "2024-01-10T09:02:39Z"
    generation: 1
    name: ts-dpa
    namespace: openshift-adp
    resourceVersion: "54723"
    uid: a6ee76d2-e649-47d7-80a9-6e9a23c0a6d7
  spec:
    backupLocations:
    - velero:
        credential:
          key: cloud
          name: cloud-credentials-gcp
        default: true
        objectStorage:
          bucket: oadpbucketoadp-67160-mcsrz
          prefix: velero
        provider: gcp
    configuration:
      restic:
        enable: true
      velero:
        defaultPlugins:
        - openshift
        - csi
        - gcp
    snapshotLocations:
    - velero:
        credential:
          key: cloud
          name: cloud-credentials-gcp
        provider: gcp
  status:
    conditions:
    - lastTransitionTime: "2024-01-10T09:02:39Z"
      message: Reconcile complete
      reason: Complete
      status: "True"
      type: Reconciled

3. After it reconciles, patch the secret to empty the data for key "cloud"

oc patch secret cloud-credentials-gcp -n openshift-adp --patch '{"data":{"cloud":""}}'*
Actual results:

DPA remains reconciled successfully

Expected results:

DPA should fail reconcilation.

Additional info:

Secret after patching:

$ oc get secret cloud-credentials-gcp -o yaml

apiVersion: v1
data:
  cloud: ""
  wrong_key: ""
kind: Secret
metadata:
  creationTimestamp: "2024-01-10T09:02:05Z"
  labels:
    openshift-adp.dataprotectionapplication: ts-dpa
    openshift.io/oadp: "True"
  name: cloud-credentials-gcp
  namespace: openshift-adp
  resourceVersion: "55638"
  uid: 64e4c28c-c0e3-43b0-bb4b-66cb2163711e
type: Opaque

DPA after patch :

// Some comments here
public String getFoo()
{
    return foo;
}

$ oc get dpa -o yaml


apiVersion: v1
items:
- apiVersion: oadp.openshift.io/v1alpha1
  kind: DataProtectionApplication
  metadata:
    creationTimestamp: "2024-01-10T09:02:39Z"
    generation: 1
    name: ts-dpa
    namespace: openshift-adp
    resourceVersion: "106561"
    uid: a6ee76d2-e649-47d7-80a9-6e9a23c0a6d7
  spec:
    backupLocations:
    - velero:
        credential:
          key: cloud
          name: cloud-credentials-gcp
        default: true
        objectStorage:
          bucket: oadpbucketoadp-67160-mcsrz
          prefix: velero
        provider: gcp
    configuration:
      restic:
        enable: true
      velero:
        defaultPlugins:
        - openshift
        - csi
        - gcp
    snapshotLocations:
    - velero:
        credential:
          key: cloud
          name: cloud-credentials-gcp
        provider: gcp
  status:
    conditions:
    - lastTransitionTime: "2024-01-10T11:23:16Z"
      message: Reconcile complete
      reason: Complete
      status: "True"
      type: Reconciled
kind: List
metadata:
  resourceVersion: ""