Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-6765 Self-signed certificate for internal image backup should not break other BSLs
  3. OADP-6767

[IBM QE-P] Verify Story OADP-6765 - Self-signed certificate for internal image backup should not break other BSLs

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Undefined Undefined
    • OADP 1.5.3
    • None
    • None
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • False
    • ToDo
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown

      Description of problem:

      In https://github.com/openshift/oadp-operator/pull/1930 implementation, once cacert is read, the cert gets applied globally in the velero instance affecting all BSLs.

      It should instead try concatenate system trusted certs as to not break other bsls.

      In addition this should allow for more than one BSL with custom cacert to work simultaneously.

      Version-Release number of selected component (if applicable):

       

      Steps to Reproduce:
      1. Use a storage provider with a self-signed certificate such as minio, and also aws w/o additional cert
      2. Backup.

      Actual results:

      only minio passes. aws fails x509: certificate signed by unknown authority

      Expected results:

      Successful on both

        1. OADP-6765.txt
          17 kB

              sgarudi Sonia Garudi
              akarol@redhat.com Aziza Karol
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: