-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.18.0
-
None
-
Important
-
None
-
Proposed
-
False
-
Description of problem:
OCPBUGS-42772 is verified. But testing found oauth-server panic with OAuth2.0 idp names that contain whitespaces
Version-Release number of selected component (if applicable):
4.18.0-0.nightly-2024-10-31-190119
How reproducible:
Always
Steps to Reproduce:
1. Set up Google IDP with below: $ oc create secret generic google-secret-1 --from-literal=clientSecret=xxxxxxxx -n openshift-config $ oc edit oauth cluster spec: identityProviders: - google: clientID: 9745..snipped..apps.googleusercontent.com clientSecret: name: google-secret-1 hostedDomain: redhat.com mappingMethod: claim name: 'my Google idp' type: Google ...
Actual results:
oauth-server panic:
$ oc get po -n openshift-authentication NAME READY STATUS RESTARTS oauth-openshift-59545c6f5-dwr6s 0/1 CrashLoopBackOff 11 (4m10s ago) ... $ oc logs -p -n openshift-authentication oauth-openshift-59545c6f5-dwr6s Copying system trust bundle I1101 03:40:09.883698 1 dynamic_serving_content.go:113] "Loaded a new cert/key pair" name="serving-cert::/var/config/system/secrets/v4-0-config-system-serving-cert/tls.crt::/var/config/system/secrets/v4-0-config-system-serving-cert/tls.key" I1101 03:40:09.884046 1 dynamic_serving_content.go:113] "Loaded a new cert/key pair" name="sni-serving-cert::/var/config/system/secrets/v4-0-config-system-router-certs/apps.hongli-az.qe.azure.devcluster.openshift.com::/var/config/system/secrets/v4-0-config-system-router-certs/apps.hongli-az.qe.azure.devcluster.openshift.com" I1101 03:40:10.335739 1 audit.go:340] Using audit backend: ignoreErrors<log> I1101 03:40:10.347632 1 requestheader_controller.go:244] Loaded a new request header values for RequestHeaderAuthRequestController panic: parsing "/oauth2callback/my Google idp": at offset 0: invalid method "/oauth2callback/my"goroutine 1 [running]: net/http.(*ServeMux).register(...) net/http/server.go:2738 net/http.(*ServeMux).Handle(0x29844c0?, {0xc0008886a0?, 0x2984420?}, {0x2987fc0?, 0xc0006ff4a0?}) net/http/server.go:2701 +0x56 github.com/openshift/oauth-server/pkg/oauthserver.(*OAuthServerConfig).getAuthenticationHandler(0xc0006c28c0, {0x298f618, 0xc0008a4d00}, {0x2984540, 0xc000171450}) github.com/openshift/oauth-server/pkg/oauthserver/auth.go:407 +0x11ad github.com/openshift/oauth-server/pkg/oauthserver.(*OAuthServerConfig).getAuthorizeAuthenticationHandlers(0xc0006c28c0, {0x298f618, 0xc0008a4d00}, {0x2984540, 0xc000171450}) github.com/openshift/oauth-server/pkg/oauthserver/auth.go:243 +0x65 github.com/openshift/oauth-server/pkg/oauthserver.(*OAuthServerConfig).WithOAuth(0xc0006c28c0, {0x2982500, 0xc0000aca80}) github.com/openshift/oauth-server/pkg/oauthserver/auth.go:108 +0x21d github.com/openshift/oauth-server/pkg/oauthserver.(*OAuthServerConfig).buildHandlerChainForOAuth(0xc0006c28c0, {0x2982500?, 0xc0000aca80?}, 0xc000785888) github.com/openshift/oauth-server/pkg/oauthserver/oauth_apiserver.go:342 +0x45 k8s.io/apiserver/pkg/server.completedConfig.New.func1({0x2982500?, 0xc0000aca80?}) k8s.io/apiserver@v0.29.2/pkg/server/config.go:825 +0x28 k8s.io/apiserver/pkg/server.NewAPIServerHandler({0x252ca0a, 0xf}, {0x2996020, 0xc000501a00}, 0xc0005d1740, {0x0, 0x0}) k8s.io/apiserver@v0.29.2/pkg/server/handler.go:96 +0x2ad k8s.io/apiserver/pkg/server.completedConfig.New({0xc000785888?, {0x0?, 0x0?}}, {0x252ca0a, 0xf}, {0x29b41a0, 0xc000171370}) k8s.io/apiserver@v0.29.2/pkg/server/config.go:833 +0x2a5 github.com/openshift/oauth-server/pkg/oauthserver.completedOAuthConfig.New({{0xc0005add40?}, 0xc0006c28c8?}, {0x29b41a0?, 0xc000171370?}) github.com/openshift/oauth-server/pkg/oauthserver/oauth_apiserver.go:322 +0x6a github.com/openshift/oauth-server/pkg/cmd/oauth-server.RunOsinServer(0xc000451cc0?, 0xc000810000?, 0xc00061a5a0) github.com/openshift/oauth-server/pkg/cmd/oauth-server/server.go:45 +0x73 github.com/openshift/oauth-server/pkg/cmd/oauth-server.(*OsinServerOptions).RunOsinServer(0xc00030e168, 0xc00061a5a0) github.com/openshift/oauth-server/pkg/cmd/oauth-server/cmd.go:108 +0x259 github.com/openshift/oauth-server/pkg/cmd/oauth-server.NewOsinServerCommand.func1(0xc00061c300?, {0x251a8c8?, 0x4?, 0x251a8cc?}) github.com/openshift/oauth-server/pkg/cmd/oauth-server/cmd.go:46 +0xed github.com/spf13/cobra.(*Command).execute(0xc000780008, {0xc00058d6c0, 0x7, 0x7}) github.com/spf13/cobra@v1.7.0/command.go:944 +0x867 github.com/spf13/cobra.(*Command).ExecuteC(0xc0001a3b08) github.com/spf13/cobra@v1.7.0/command.go:1068 +0x3a5 github.com/spf13/cobra.(*Command).Execute(...) github.com/spf13/cobra@v1.7.0/command.go:992 k8s.io/component-base/cli.run(0xc0001a3b08) k8s.io/component-base@v0.29.2/cli/run.go:146 +0x290 k8s.io/component-base/cli.Run(0xc00061a5a0?) k8s.io/component-base@v0.29.2/cli/run.go:46 +0x17 main.main() github.com/openshift/oauth-server/cmd/oauth-server/main.go:46 +0x2de
Expected results:
No panic
Additional info:
Tried in old env like 4.16.20 with same steps, no panic: $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.16.20 True False 95m Cluster version is 4.16.20 $ oc get po -n openshift-authentication NAME READY STATUS RESTARTS AGE oauth-openshift-7dfcd8c8fd-77ltf 1/1 Running 0 116s oauth-openshift-7dfcd8c8fd-sr97w 1/1 Running 0 89s oauth-openshift-7dfcd8c8fd-tsrff 1/1 Running 0 62s
- blocks
-
OCPBUGS-44118 oauth-server panic with OAuth2.0 idp names that contain whitespaces
- Closed
- is cloned by
-
OCPBUGS-44118 oauth-server panic with OAuth2.0 idp names that contain whitespaces
- Closed
- relates to
-
OCPBUGS-43587 Go's 1.22 net/http.ServeMux causes oauth-server to panic with idp names that contain whitespacs [4.17]
- Closed
- links to
-
RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update