Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Minor
Fix Version/s: None
Affects Version/s: 4.9.z
Component/s: kube-apiserver
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
No

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

     The GitHub IDP admission CR validator does not correctly validate IP addresses. The issue is that when you use some invalid IP address for example 1.1.1.1.1 the kvalidation.IsDNS1123Subdomain matches it as a valid subdomain and the netutils.ParseIPSloppy is not called.

PTAL https://github.com/openshift/kubernetes/blob/91607f5d750ba4002f87d34a12ae1cfd45b45b81/openshift-kube-apiserver/admission/customresourcevalidation/oauth/helpers.go#L13

Version-Release number of selected component (if applicable):

    afaik all for past 4 years

How reproducible:

    Create GitHub IDP using invalid IP for example 1.1.1.1.1.1

Steps to Reproduce:

    1. Create GitHub IDP using invalid IP for example 1.1.1.1.1.1
    2.
    3.

Actual results:

    Updates oauth with the github idp

Expected results:

    Throw error that the IP is not valid

Additional info:

Assignee:: Unassigned

Reporter:: Martin Necas

Need Info From:: None

Contributors:: None

QA Contact:: Ke Wang

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/04/03 7:10 AM

Updated:: 2025/07/23 5:43 AM

Resolved:: 2024/12/20 4:15 PM