Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-15168

Oauth Server invalidly proxies cloud IAM traffic

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 4.14.0
    • 4.13, 4.12
    • HyperShift
    • None
    • No
    • Hypershift Sprint 238
    • 1
    • Proposed
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      In the Konnectivity SOCKS proxy: currently the default is to proxy cloud endpoint traffic: https://github.com/openshift/hypershift/blob/main/konnectivity-socks5-proxy/main.go#L61

Due to this after this change: https://github.com/openshift/hypershift/commit/0c52476957f5658cfd156656938ae1d08784b202

The oauth server had a behavior change where it began to proxy iam traffic instead of not proxying it. This causes a regression in Satellite environments running with an HTTP_PROXY server. The original network traffic path needs to be restored

      Version-Release number of selected component (if applicable):

      4.13 4.12

      How reproducible:

      100%

      Steps to Reproduce:

      1. Setup HTTP_PROXY IBM Cloud Satellite environment
2. In the oauth-server pod run a curl against iam (curl -v https://iam.cloud.ibm.com)
3. It will log it is using proxy

      Actual results:

      It is using proxy

      Expected results:

      It should send traffic directly (as it does in 4.11 and 4.10)

      Additional info:

       

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-15301 Oauth Server invalidly proxies cloud IAM traffic

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-15304 Oauth Server invalidly proxies cloud IAM traffic

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is depended on by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-15301 Oauth Server invalidly proxies cloud IAM traffic

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-15304 Oauth Server invalidly proxies cloud IAM traffic

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          GitHub openshift/hypershift#2695: [release-4.12] OCPBUGS-15168: fix(oauth): Do not proxy IBM Cloud IAM endpoints

          GitHub openshift/hypershift#2696: [release-4.13] OCPBUGS-15168: fix(oauth): Do not proxy IBM Cloud IAM endpoints

          GitHub openshift/hypershift#2699: OCPBUGS-15168: fix(oauth): Do not proxy IBM Cloud IAM endpoints

          mentioned on

          GitLab Merge request - Bump IBM integration to our latest prod image.

          Activity

            People

              rh-ee-brcox Bryan Cox
              lisowskiibm Tyler Lisowski
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: