-
Bug
-
Resolution: Done-Errata
-
Major
-
4.12, 4.11, 4.10
-
Important
-
No
-
Rejected
-
False
-
-
-
Bug Fix
-
Done
This is a clone of issue OCPBUGS-8512. The following is the description of the original issue:
—
Description of problem:
WebhookConfiguration caBundle injection is incorrect when some webhooks already configured with caBundle. Behavior seems to be that the first n number of webhooks in `.webhooks` array have caBundle injected, where n is the number of webhooks that do not have caBundle set.
Version-Release number of selected component (if applicable):
How reproducible
Steps to Reproduce:
1. Create a validatingwebhookconfigurations or mutatingwebhookconfigurations with `service.beta.openshift.io/inject-cabundle: "true"` annotation. 2. oc edit validatingwebhookconfigurations (or oc edit mutatingwebhookconfigurations) 3. Add a new webhook to the end of the list `.webhooks`. It will not have caBundle set manually as service-ca should inject it. 4. Observe new webhook does not get caBundle injected. Note: it is important in step. 3 that the new webhook is added to the end of the list.
Actual results:
Only the first n webhooks have caBundle injected where n is the number of webhooks without caBundle set.
Expected results:
All webhooks have caBundle injected when they do not have it set.
Additional info:
Open PR here: https://github.com/openshift/service-ca-operator/pull/207 The issue seems to be a mistake with go-lang for range syntax where "i" is the index of desired "i" to update. tl dr; code should update the value of the int in the array, not the index of the int in the array.
- clones
-
-
- Closed
-
- is blocked by
-
-
- Closed
-
- links to
-
RHSA-2023:5006
OpenShift Container Platform 4.14.z security update