Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSO status is true if we edit CSI secret with wrong user #1146

Open
saurabhwani5 opened this issue Apr 30, 2024 · 0 comments
Open

CSO status is true if we edit CSI secret with wrong user #1146

saurabhwani5 opened this issue Apr 30, 2024 · 0 comments
Labels
Customer Impact: Localized high impact (3) Reduction of function. Significant impact to workload. Customer Probability: Medium (3) Issue occurs in normal path but specific limited timing window, or other mitigating factor Found In: 2.12.0 For Bug issues to identify what release level issue was found in 2.12.0 Severity: 2 Indicates that the issue is critical and must be addressed before milestone. Type: Bug Indicates issue is an undesired behavior, usually caused by code error.

Comments

@saurabhwani5
Copy link
Member

saurabhwani5 commented Apr 30, 2024
edited
Loading

Describe the bug

When we edit secret with wrong user and then check cso status then it is shown as true and there is no event for same

How to Reproduce?

Please list the steps to help development teams reproduce the behavior

  1. Install CSI with feature to support password rotation #1130 images or dev images:
[root@csi-kube129-1-x-master 1130]# oc apply -f ibm-spectrum-scale-csi-operator.yaml
deployment.apps/ibm-spectrum-scale-csi-operator created
clusterrole.rbac.authorization.k8s.io/ibm-spectrum-scale-csi-operator created
clusterrolebinding.rbac.authorization.k8s.io/ibm-spectrum-scale-csi-operator created
serviceaccount/ibm-spectrum-scale-csi-operator created
customresourcedefinition.apiextensions.k8s.io/csiscaleoperators.csi.ibm.com created
[root@csi-kube129-1-x-master 1130]# oc apply -f csiscaleoperators.csi.ibm.com_cr.yaml
csiscaleoperator.csi.ibm.com/ibm-spectrum-scale-csi created
[root@csi-kube129-1-x-master 1130]# oc get pods
NAME                                                  READY   STATUS    RESTARTS   AGE
ibm-spectrum-scale-csi-78694                          3/3     Running   0          45s
ibm-spectrum-scale-csi-attacher-797bc6ff85-7fhhp      1/1     Running   0          45s
ibm-spectrum-scale-csi-attacher-797bc6ff85-zfhsp      1/1     Running   0          45s
ibm-spectrum-scale-csi-lfffd                          3/3     Running   0          45s
ibm-spectrum-scale-csi-operator-6dd75b845f-sdm8p      1/1     Running   0          83s
ibm-spectrum-scale-csi-provisioner-6dd44f9b4-r2wxx    1/1     Running   0          45s
ibm-spectrum-scale-csi-resizer-5999c8796f-fkxsr       1/1     Running   0          45s
ibm-spectrum-scale-csi-snapshotter-5c5d7fbf5b-xg2t2   1/1     Running   0          45s
[root@csi-kube129-1-x-master 1130]# oc get cso
NAME                     VERSION   SUCCESS
ibm-spectrum-scale-csi   2.11.0    True
[root@csi-kube129-1-x-master 1130]# oc describe pod | grep quay
    Image:         quay.io/badri_pathak/ibm-spectrum-scale-csi-driver:passwordrotation_test12
  Normal   Pulled                           54s                kubelet            Container image "quay.io/badri_pathak/ibm-spectrum-scale-csi-driver:passwordrotation_test12" already present on machine
    Image:         quay.io/badri_pathak/ibm-spectrum-scale-csi-driver:passwordrotation_test12
  Normal   Pulled                           54s                kubelet            Container image "quay.io/badri_pathak/ibm-spectrum-scale-csi-driver:passwordrotation_test12" already present on machine
    Image:         quay.io/badri_pathak/ibm-spectrum-scale-csi-operator:passwordrotation_test10
      CSI_DRIVER_IMAGE:      quay.io/badri_pathak/ibm-spectrum-scale-csi-driver:passwordrotation_test12
  Normal   Pulled                           92s               kubelet            Container image "quay.io/badri_pathak/ibm-spectrum-scale-csi-operator:passwordrotation_test10" already present on machine
  1. Change gui user with wrong username (here I am changing user to wronguser) with base64:
[root@csi-kube129-1-x-master 1130]# oc edit secret guisecret
secret/guisecret edited
  1. Check the CSI pods :
[root@csi-kube129-1-x-master 1130]# oc get pods
NAME                                                  READY   STATUS    RESTARTS   AGE
ibm-spectrum-scale-csi-78694                          3/3     Running   0          3m13s
ibm-spectrum-scale-csi-attacher-797bc6ff85-7fhhp      1/1     Running   0          3m13s
ibm-spectrum-scale-csi-attacher-797bc6ff85-zfhsp      1/1     Running   0          3m13s
ibm-spectrum-scale-csi-lfffd                          3/3     Running   0          3m13s
ibm-spectrum-scale-csi-operator-6dd75b845f-sdm8p      1/1     Running   0          3m51s
ibm-spectrum-scale-csi-provisioner-6dd44f9b4-r2wxx    1/1     Running   0          3m13s
ibm-spectrum-scale-csi-resizer-5999c8796f-fkxsr       1/1     Running   0          3m13s
ibm-spectrum-scale-csi-snapshotter-5c5d7fbf5b-xg2t2   1/1     Running   0          3m13s
  1. Check the CSO status
[root@csi-kube129-1-x-master saurabh]# oc get cso
NAME                     VERSION   SUCCESS
ibm-spectrum-scale-csi   2.11.0    True

Expected behavior

CSO status should be false if username is wrong as improvement so that it will be easy to detect and won't cause any issue during volume creation or CSI upgrade or there should be event generated for the same

logs :

/scale-csi/D.1146
csisnap.tar.gz
@saurabhwani5 saurabhwani5 added Severity: 2 Indicates that the issue is critical and must be addressed before milestone. Type: Bug Indicates issue is an undesired behavior, usually caused by code error. Customer Probability: Medium (3) Issue occurs in normal path but specific limited timing window, or other mitigating factor Customer Impact: Localized high impact (3) Reduction of function. Significant impact to workload. Found In: 2.12.0 For Bug issues to identify what release level issue was found in 2.12.0 labels Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Customer Impact: Localized high impact (3) Reduction of function. Significant impact to workload. Customer Probability: Medium (3) Issue occurs in normal path but specific limited timing window, or other mitigating factor Found In: 2.12.0 For Bug issues to identify what release level issue was found in 2.12.0 Severity: 2 Indicates that the issue is critical and must be addressed before milestone. Type: Bug Indicates issue is an undesired behavior, usually caused by code error.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@saurabhwani5