Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-56596

AdditionalTrustBundlePolicy still cannot be set in ABI

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Moderate
    • None
    • None
    • Agent Sprint 271, Agent Sprint 272
    • 2
    • Proposed
    • Bug Fix
    • Hide
      * Previously, when using the Agent-based Installer, setting the `additionalTrustBundlePolicy` field would have no effect, and would cause other overrides such the `fips` parameter to be ignored.

      With this update, the `additionalTrustBundlePolicy` parameter is correctly imported and other overrides are no longer ignored. (link:https://issues.redhat.com/browse/OCPBUGS-56596[OCPBUGS-56596])
      Show
      * Previously, when using the Agent-based Installer, setting the `additionalTrustBundlePolicy` field would have no effect, and would cause other overrides such the `fips` parameter to be ignored. With this update, the `additionalTrustBundlePolicy` parameter is correctly imported and other overrides are no longer ignored. (link: https://issues.redhat.com/browse/OCPBUGS-56596 [ OCPBUGS-56596 ])
    • None
    • None
    • None
    • None

      When using the agent-based installer, setting the additionalTrustBundlePolicy field is not taking effect. The reason for this is that assisted-service does not import the InstallConfig struct from the installer, but instead has its own independent copy in which this field is missing. Therefore the install-config-overrides cannot be applied.

      This should be validated at the time the install-config-overrides are applied (and the code appears to do so), but for unknown reasons the overrides are being silently ignored.

      A side-effect of this is that any other install-config-overrides are also silently ignored when the additionalTrustBundlePolicy is set to a non-default value. This can be observed e.g. by setting fips: true at the same time - the resulting cluster will not have FIPS enabled.

      We need to both fix the validation (since users could manually edit the install-config-overrides annotation to add invalid fields) and populate additionalTrustBundlePolicy in assisted-service's copy of the InstallConfig type.

              bfournie@redhat.com Robert Fournier
              zabitter Zane Bitter
              None
              None
              zhenying niu zhenying niu
              None
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated: