Bug
Resolution: Done
4.13
Moderate
Bug Fix
Description of problem:
On 4.13, the installer failed to parse the client certificate when using a certificate-based Service Principal with a passphrase; the error is as below:

[fedora@preserve-jima 4.13.0-0.nightly-2023-02-13-235211]$ ./openshift-install create install-config --dir test
? SSH Public Key /home/fedora/.ssh/openshift-qe.pub
? Platform azure
WARNING Using client certs to authenticate. Please be warned cluster does not support certs and only the installer does.
INFO Credentials loaded from file "/home/fedora/.azure/osServicePrincipal.json"
FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": failed to parse client certificate: pkcs12: decryption password incorrect

The content of osServicePrincipal.json:

[fedora@preserve-jima 4.13.0-0.nightly-2023-02-13-235211]$ cat ~/.azure/osServicePrincipal.json
{"subscriptionId":"xxxxx-xxx-xxx-xxx-xxx","clientId":"xxxxx-xxx-xxx-xxx-xxx","tenantId":"xxxxx-xxx-xxx-xxx-xxx","clientCertificate":"/home/fedora/azure/client-certs/cert.pfx","clientCertificatePassword":"PASSWORD"}

When creating the PEM certificate and pfx file without a passphrase, the installer can parse the certs correctly and continue the installation.
The issue also does not reproduce on 4.12 when using a certificate-based SP with/without a passphrase.
Version-Release number of selected component (if applicable):
4.13.0-0.nightly-2023-02-13-235211
How reproducible:
Always on 4.13
Steps to Reproduce:
1. Generate the certificate PEM and pfx files with a passphrase
2. Add the public cert to the existing Service Principal on the Azure portal, and configure ~/.azure/osServicePrincipal.json
3. Trigger installation
Actual results:
The installer failed to parse the certificate
Expected results:
Installation is successful.
Additional info:
The issue only happens on 4.13 with a certificate-based SP with a passphrase
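Added example, not part of the original report: a way to carry out step 1 with openssl and to confirm, independently of the installer, that a pfx file opens with the passphrase recorded in osServicePrincipal.json. The subject name, temporary paths and passphrases are constructed sample values, and `pfx_algos` only prints the algorithms openssl reports so that a file that parses can be compared with one that does not.

```shell
#!/usr/bin/env bash
# Added example; subject, paths and passphrases are constructed sample values.

# make_pfx DIR PASSPHRASE
# Creates a throwaway self-signed cert and key, then exports DIR/cert.pfx
# protected by PASSPHRASE (passed via the environment, not the command line).
make_pfx() {
  local dir=$1 pass=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-sp" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
  PFX_PASS=$pass openssl pkcs12 -export -inkey "$dir/key.pem" \
    -in "$dir/cert.pem" -out "$dir/cert.pfx" -passout env:PFX_PASS
}

# pfx_opens FILE PASSPHRASE
# Returns 0 only if openssl can verify and parse FILE with PASSPHRASE.
pfx_opens() {
  PFX_PASS=$2 openssl pkcs12 -in "$1" -noout -passin env:PFX_PASS 2>/dev/null
}

# pfx_algos FILE PASSPHRASE
# Prints the MAC and encryption algorithm lines openssl reports for FILE.
pfx_algos() {
  PFX_PASS=$2 openssl pkcs12 -in "$1" -info -noout -passin env:PFX_PASS 2>&1 |
    grep -E '^(MAC|PKCS7|Shrouded)'
}

demo() {
  local dir
  dir=$(mktemp -d) || return 1
  make_pfx "$dir" 'PASSWORD' || return 1
  pfx_opens "$dir/cert.pfx" 'PASSWORD' && echo "correct passphrase: opens"
  pfx_opens "$dir/cert.pfx" 'wrong' || echo "wrong passphrase: rejected"
  pfx_algos "$dir/cert.pfx" 'PASSWORD'
  rm -rf "$dir"
}
demo
```

If `pfx_opens` succeeds on the real pfx with the passphrase from the JSON file while the installer still reports `decryption password incorrect`, the passphrase itself is not the problem and the `pfx_algos` output is worth attaching to the bug.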