Helm override update "oidc-auth-apps" with new values doesn't take affect
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
Medium
|
Jerry Sun | ||
Bug Description
Brief Description
-----------------
Override the oidc-auth-apps with new values and apply without removing it, the pods still runs on old values and new values doesn't take affect
Severity
--------
Major
Steps to Reproduce
------------------
1)After controller is unlocked, create kubernetes secret for running dex and oidc-client:
kubectl create secret tls local-dex.tls --cert=
kubectl create secret generic dex-client-secret --from-
2)copy the dex-overrride.yaml file
cat dex-overrides.yaml
config:
expiry:
idTokens: "20m"
connectors:
- type: ldap
name: OpenLDAP
id: ldap
config:
host: pv-windows-
rootCA: /etc/ssl/
insecureN
insecureS
bindDN: cn=Administrato
bindPW: Li69nux*
usernameP
userSearch:
baseDN: ou=Users,
filter: "(objectClass=
username: sAMAccountName
idAttr: sAMAccountName
emailAttr: sAMAccountName
nameAttr: displayName
extraVolumes:
- name: certdir
secret:
secretName: wadcert
extraVolumeMounts:
- name: certdir
mountPath: /etc/ssl/
4)and apply the application:
system helm-override-
system application-apply oidc-auth-apps
[sysadmin@
+------
| application | version | manifest name | manifest file | status | progress |
+------
| oidc-auth-apps | 1.0-0 | oidc-auth-manifest | manifest.yaml | applied | completed |
| platform-integ-apps | 1.0-8 | platform-
5)Now change the values of the dex-override.yaml file like "id expiry" and override,apply as follows
[sysadmin@
+------
| Property | Value |
+------
| name | dex |
| namespace | kube-system |
| user_overrides | config: |
| | connectors: |
| | - config: |
| | bindDN: cn=Administrato
| | bindPW: Li69nux* |
| | host: pv-windows-
| | insecureNoSSL: false |
| | insecureSkipVerify: false |
| | rootCA: /etc/ssl/
| | userSearch: |
| | baseDN: ou=Users,
| | emailAttr: sAMAccountName |
| | filter: (objectClass=user) |
| | idAttr: sAMAccountName |
| | nameAttr: displayName |
| | username: sAMAccountName |
| | usernamePrompt: Username |
| | id: ldap |
| | name: OpenLDAP |
| | type: ldap |
| | expiry: |
| | idTokens: 60s |
| | extraVolumeMounts: |
| | - mountPath: /etc/ssl/
| | name: certdir |
| | extraVolumes: |
| | - name: certdir |
| | secret: |
| | secretName: wadcert |
| | |
+------
[sysadmin@
+------
| Property | Value |
+------
| active | True |
| app_version | 1.0-0 |
| created_at | 2020-02-
| manifest_file | manifest.yaml |
| manifest_name | oidc-auth-manifest |
| name | oidc-auth-apps |
| progress | None |
| status | applying |
| updated_at | 2020-02-
+------
7)Try to retrieve the token, the token still returns with 20m expiry instead of 60s
Expected Behavior
------------------
The new values should take affect automatically without remove/ reapply
Actual Behavior
----------------
Failed to update the pods with new values
Reproducibility
---------------
100%
System Configuration
-------
tested on all the following systems
simple wcp_122 ipv4
Branch/Pull Time/Commit
-------
2020-02-22
Last Pass
---------
This is a new test scenario
Timestamp/Logs
--------------
2020-02-24 15:02:21.182
Test Activity
-------------
Feature Testing
Workaround
----------
Delete dex pod , which the pod is created automatically with new values.
| ayyappa (mantri425) wrote | #1 |
| Jerry Sun (jerry-sun-u) wrote | #2 |
| Ghada Khalil (gkhalil) wrote | #3 |
| Changed in starlingx: | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| tags: | added: stx.4.0 stx.security |
| Changed in starlingx: | |
| assignee: | nobody → Jerry Sun (jerry-sun-u) |
| Changed in starlingx: | |
| status: | Triaged → In Progress |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to oidc-auth-armada-app (master) | #4 |
| tags: | added: stx.apps |
| OpenStack Infra (hudson-openstack) wrote Fix merged to oidc-auth-armada-app (master) | #5 |
| Changed in starlingx: | |
| status: | In Progress → Fix Released |
Logs attached