Bug
Resolution: Unresolved
rhos-18.0.16
rhos-ops-platform-services-security
Low
To Reproduce
Steps to reproduce the behavior:
- Configure the .spec.defaultConfigOverwrite or .spec.barbicanAPI.defaultConfigOverwrite (I assume barbicanKeystoneListener and barbicanWorker behave the same, but I haven't tried those two) with some custom contents
- Look where those contents appear inside the pod (they'll appear inside /etc/barbican/barbican.conf.d/<filename based on defaultConfigOverwrite contents>)
Expected behavior
- The contents should appear inside /etc/barbican/<filename based on defaultConfigOverwrite contents> as per the field description.
Bug impact
- This prevents some config customization. It also introduces inconsistencies between operators (e.g. the same field in nova-operator works as described in the CRD description and puts the modified config inside /etc/nova/)
Known workaround
- no workaround that I'm aware of
Additional context
- The barbican CRD description says the following for the .spec.barbicanAPI.defaultConfigOverwrite field (notice the path):
  $ oc explain barbican.spec.barbicanAPI.defaultConfigOverwrite
  GROUP:      barbican.openstack.org
  KIND:       Barbican
  VERSION:    v1beta1

  FIELD: defaultConfigOverwrite <map[string]string>

  DESCRIPTION:
      ConfigOverwrite - interface to overwrite default config files like e.g.
      policy.json. But can also be used to add additional files. Those get
      added to the service config dir in /etc/<service> .
- I have this barbican CR (I redacted the uninteresting parts):
  $ oc get barbican barbican -oyaml
  apiVersion: barbican.openstack.org/v1beta1
  kind: Barbican
  metadata:
    ...
  spec:
    apiTimeout: 90
    barbicanAPI:
      ...
      defaultConfigOverwrite:
        policy.yaml: |
          my policy contents
    ...
- Now I'd expect to have a file in /etc/barbican/policy.yaml with my contents but it's not there
  $ oc rsh -c barbican-api barbican-api-85d59845b-4572k ls /etc/barbican
  api_audit_map.conf
  barbican-api-paste.ini
  barbican.conf
  barbican.conf.d
  barbican-functional.conf
  gunicorn-config.py
  vassals
- Instead it's in /etc/barbican/barbican.conf.d/policy.yaml
  $ oc rsh -c barbican-api barbican-api-85d59845b-4572k cat /etc/barbican/barbican.conf.d/policy.yaml
  my policy contents
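
A check for the placement described in this report, added here as an example and not part of the original report or of the operator's code: for each defaultConfigOverwrite key it reports whether the file is in the documented directory or in barbican.conf.d. The function names are hypothetical, and it uses `oc exec` instead of the report's `oc rsh` so that no terminal is allocated.

```shell
#!/bin/sh
# Added example (not from the bug report): report where each
# defaultConfigOverwrite key ended up inside a Barbican pod.

DOCUMENTED_DIR=/etc/barbican                  # path from the CRD description
OBSERVED_DIR=/etc/barbican/barbican.conf.d    # path observed in the report

# classify NAME DOC_LISTING OBS_LISTING   (hypothetical helper)
# Listings are newline-separated file names, as printed by `ls -1`.
# Prints "NAME <directory>" or "NAME missing". Names are compared as
# whole lines, so "barbican.conf" never matches "barbican.conf.d".
classify() {
    if printf '%s\n' "$2" | grep -Fxq -- "$1"; then
        printf '%s %s\n' "$1" "$DOCUMENTED_DIR"
    elif printf '%s\n' "$3" | grep -Fxq -- "$1"; then
        printf '%s %s\n' "$1" "$OBSERVED_DIR"
    else
        printf '%s missing\n' "$1"
    fi
}

# check_pod POD CONTAINER KEY...   (hypothetical helper)
# Returns 0 only if every key is present in the documented directory,
# 1 if any key is elsewhere or missing, 2 if the pod cannot be listed.
check_pod() {
    pod=$1 ctr=$2; shift 2
    doc=$(oc exec -c "$ctr" "$pod" -- ls -1 "$DOCUMENTED_DIR") || return 2
    obs=$(oc exec -c "$ctr" "$pod" -- ls -1 "$OBSERVED_DIR" 2>/dev/null) || obs=
    rc=0
    for key in "$@"; do
        line=$(classify "$key" "$doc" "$obs")
        printf '%s\n' "$line"
        [ "${line#* }" = "$DOCUMENTED_DIR" ] || rc=1
    done
    return "$rc"
}

# Usage: sh check.sh barbican-api-85d59845b-4572k barbican-api policy.yaml
if [ "$#" -ge 3 ]; then check_pod "$@"; fi
```

Against the pod shown in the report this prints `policy.yaml /etc/barbican/barbican.conf.d` and exits with status 1.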