Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-8512

WebhookConfiguration caBundle injection is incorrect when some webhooks already confiugred

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done-Errata
    • Major
    • 4.15.0
    • 4.12, 4.11, 4.10
    • service-ca
    • None
    • Important
    • No
    • Auth - Sprint 240, Auth - Sprint 241, Auth - Sprint 242
    • 3
    • Rejected
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      WebhookConfiguration caBundle injection is incorrect when some webhooks already configured with caBundle.

Behavior seems to be that the first n number of webhooks in `.webhooks` array have caBundle injected, where n is the number of webhooks that do not have caBundle set.

      Version-Release number of selected component (if applicable):

       

      How reproducible

       

      Steps to Reproduce:

      1. Create a validatingwebhookconfigurations or mutatingwebhookconfigurations with `service.beta.openshift.io/inject-cabundle: "true"` annotation.

2. oc edit validatingwebhookconfigurations (or oc edit mutatingwebhookconfigurations)

3. Add a new webhook to the end of the list `.webhooks`. It will not have caBundle set manually as service-ca should inject it. 

4. Observe new webhook does not get caBundle injected.

Note: it is important in step. 3 that the new webhook is added to the end of the list.

       

      Actual results:

      Only the first n webhooks have caBundle injected where n is the number of webhooks without caBundle set.

      Expected results:

      All webhooks have caBundle injected when they do not have it set.

      Additional info:

      Open PR here: https://github.com/openshift/service-ca-operator/pull/207

The issue seems to be a mistake with go-lang for range syntax where "i" is the index of desired "i" to update.  

tl dr; code should update the value of the int in the array, not the index of the int in the array.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-19318 WebhookConfiguration caBundle injection is incorrect when some webhooks already confiugred

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-19318 WebhookConfiguration caBundle injection is incorrect when some webhooks already confiugred

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          GitHub openshift/service-ca-operator#219: OCPBUGS-8512: fix admission webhook CA injection

          Web Link RHEA-2023:7198 rpm

          Activity

            People

              slaznick@redhat.com Stanislav Laznicka
              dunnevan Evan Dunn (Inactive)
              Deepak Punia Deepak Punia
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: