Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-3327

DPA does not reconcile when credentials secret is updated

XMLWordPrintable

    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • ToDo
    • 0
    • 0.000
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown
    • No

      Description of problem:

      When we patch the cloud-credentials secret with empty data for the key "cloud", DPA does not reconcile and reconciles successfully.

      Version-Release number of selected component (if applicable):

      OADP 1.2.3

      Note: The issue is not visible in OADP 1.3.0

      Also, to mention , the issue looks to be reported previously in https://issues.redhat.com/browse/OADP-171 but the ticket is CLOSED as Obsolete. Not sure if it was fixed in 1.2.x anytime before.

      How reproducible:

      Always

      Steps to Reproduce:
      1. Create cloud-credentials-gcp with the correct credentials.
      2. Create DPA

      - apiVersion: oadp.openshift.io/v1alpha1
        kind: DataProtectionApplication
        metadata:
          creationTimestamp: "2024-01-10T09:02:39Z"
          generation: 1
          name: ts-dpa
          namespace: openshift-adp
          resourceVersion: "54723"
          uid: a6ee76d2-e649-47d7-80a9-6e9a23c0a6d7
        spec:
          backupLocations:
          - velero:
              credential:
                key: cloud
                name: cloud-credentials-gcp
              default: true
              objectStorage:
                bucket: oadpbucketoadp-67160-mcsrz
                prefix: velero
              provider: gcp
          configuration:
            restic:
              enable: true
            velero:
              defaultPlugins:
              - openshift
              - csi
              - gcp
          snapshotLocations:
          - velero:
              credential:
                key: cloud
                name: cloud-credentials-gcp
              provider: gcp
        status:
          conditions:
          - lastTransitionTime: "2024-01-10T09:02:39Z"
            message: Reconcile complete
            reason: Complete
            status: "True"
            type: Reconciled
      
      

      3. After it reconciles, patch the secret to empty the data for key "cloud"

      • oc patch secret cloud-credentials-gcp -n openshift-adp --patch '{"data":{"cloud":""}}'*

        Actual results:

        DPA remains reconciled successfully

        Expected results:

        DPA should fail reconcilation.

        Additional info:

      Secret after patching:

      $ oc get secret cloud-credentials-gcp -o yaml

      apiVersion: v1
      data:
        cloud: ""
        wrong_key: ""
      kind: Secret
      metadata:
        creationTimestamp: "2024-01-10T09:02:05Z"
        labels:
          openshift-adp.dataprotectionapplication: ts-dpa
          openshift.io/oadp: "True"
        name: cloud-credentials-gcp
        namespace: openshift-adp
        resourceVersion: "55638"
        uid: 64e4c28c-c0e3-43b0-bb4b-66cb2163711e
      type: Opaque
      
      

      DPA after patch :

      // Some comments here
      public String getFoo()
      {
          return foo;
      }
      

      $ oc get dpa -o yaml

      
      apiVersion: v1
      items:
      - apiVersion: oadp.openshift.io/v1alpha1
        kind: DataProtectionApplication
        metadata:
          creationTimestamp: "2024-01-10T09:02:39Z"
          generation: 1
          name: ts-dpa
          namespace: openshift-adp
          resourceVersion: "106561"
          uid: a6ee76d2-e649-47d7-80a9-6e9a23c0a6d7
        spec:
          backupLocations:
          - velero:
              credential:
                key: cloud
                name: cloud-credentials-gcp
              default: true
              objectStorage:
                bucket: oadpbucketoadp-67160-mcsrz
                prefix: velero
              provider: gcp
          configuration:
            restic:
              enable: true
            velero:
              defaultPlugins:
              - openshift
              - csi
              - gcp
          snapshotLocations:
          - velero:
              credential:
                key: cloud
                name: cloud-credentials-gcp
              provider: gcp
        status:
          conditions:
          - lastTransitionTime: "2024-01-10T11:23:16Z"
            message: Reconcile complete
            reason: Complete
            status: "True"
            type: Reconciled
      kind: List
      metadata:
        resourceVersion: ""
      
      

              rhn-support-anarnold A Arnold
              rhn-support-ssingla Sachin Singla
              Amos Mastbaum Amos Mastbaum
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: