Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.17.0
Component/s: oauth-apiserver
Labels:

Severity:
Important
Regression:
Yes
Sprint:
Auth - Sprint 250
sprint_count:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, due to a behavior regression in Go 1.22, `oauth-server` pods crashed if the IDP configuration contained multiple password-based IDPs, such as `htpasswd`, with at least one of them having spaces in its name. Note that if the bootstrap user ,`kubeadmin`, still exists in a cluster, the user also counts as a password-based IDP. With this release, a fix to the `oauth-server` resolves this issue and prevents the server from crashing. (link:https://issues.redhat.com/browse/OCPBUGS-43587[*~~OCPBUGS-43587~~*])

Show
* Previously, due to a behavior regression in Go 1.22, `oauth-server` pods crashed if the IDP configuration contained multiple password-based IDPs, such as `htpasswd`, with at least one of them having spaces in its name. Note that if the bootstrap user ,`kubeadmin`, still exists in a cluster, the user also counts as a password-based IDP. With this release, a fix to the `oauth-server` resolves this issue and prevents the server from crashing. (link: https://issues.redhat.com/browse/OCPBUGS-43587 [* OCPBUGS-43587 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.17.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

    When there is more than one password-based IDP (like htpasswd) and its name contains whitespaces, it causes the oauth-server to panic, if Golang is v1.22 or higher.

Version-Release number of selected component (if applicable):

How reproducible:

    always

Steps to Reproduce:

    1. Create a cluster with OCP 4.17
    2. Create at least two password-based IDP (like htpasswd) with whitespaces in the name.
    3. oauth-server panics.

Actual results:

    oauth-server panics (if Go is at version 1.22 or higher).

Expected results:

    NO REGRESSION, it worked with Go 1.21 and lower.

Additional info:

clones

OCPBUGS-42772 Go's 1.22 net/http.ServeMux causes oauth-server to panic with idp names that contain whitespacs

Verified

depends on

OCPBUGS-42772 Go's 1.22 net/http.ServeMux causes oauth-server to panic with idp names that contain whitespacs

Verified

duplicates

OCPBUGS-44474 No input validation for identityProvider name - accepts name with spaces

Closed

is related to

OCPBUGS-44099 oauth-server panic with OAuth2.0 idp names that contain whitespaces

Verified

relates to

AUTH-550 Impact statement request for OCPBUGS-43587 Go's 1.22 net/http.ServeMux causes oauth-server to panic with idp names that contain whitespacs [4.17]

Closed

links to

openshift/oauth-server#162: [release-4.17] OCPBUGS-43587: Fix login path for go1.22 mux pattern matching

openshift/release#58499: Implement test case OCP-77424 automation for blocker bug OCPBUGS-43587

RHBA-2024:8981 OpenShift Container Platform 4.17.z bug fix update

(3 links to)

Assignee:: Ilias Rinis

Reporter:: Krzysztof Ostrowski

QA Contact:: Xingxing Xia

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2024/10/20 7:58 PM

Updated:: 2024/11/13 4:14 AM

Resolved:: 2024/11/13 4:14 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates