alarm serverity doesn't follow the serverity set on the certificate object
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Karla Felix |
Bug Description
Brief Description
alarm serverity doesn't follow the serverity set on the certificate object
Severity
minor
Steps to Reproduce
1)Create any cert managed by cert-manager on the system, you can deploy the following be changing the lab details in the yaml
---
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiB
tls.key: LS0tLS1CRUdJTiB
kind: Secret
metadata:
name: stepca-root-secret
namespace: deployment
type: kubernetes.io/tls
---
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiB
tls.key: LS0tLS1CRUdJTiB
kind: Secret
metadata:
name: stepca-ica-secret
namespace: deployment
type: kubernetes.io/tls
deploy a cert
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: oidc-auth-
namespace: kube-system
spec:
dnsNames:
- yow2-xr11-
duration: 432h0m0s
ipAddresses:
- 128.224.48.7
issuerRef:
kind: Issuer
name: cloudplatform-
renewBefore: 25h0m0s
secretName: oidc-auth-
Now change the severity of the certificate object to minor, also the duration and renewbefore to raise the alarm. Now when the alarm is raised, the severity shows as "major"
Expected Behavior
the alarm serverity level should follow the certificate object value
Actual Behavior
alarm serverity doesn't follow the serverity set on the certificate object
Reproducibility
100%
System Configuration
yow2-xr11-032-033
Load info (eg: 2022-03-
BUILD_DATE=
Last Pass
Timestamp/Logs
na
Alarms
na
Test Activity
Regression testing
Workaround
Describe workaround if available
Changed in starlingx: | |
assignee: | nobody → Karla Felix (kkarolin) |
Changed in starlingx: | |
status: | New → In Progress |
description: | updated |
tags: | added: stx.fault stx.security |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.8.0 |
Reviewed: https:/ /review. opendev. org/c/starlingx /config/ +/869869 /opendev. org/starlingx/ config/ commit/ dfe5af141381c3e 0cf9e0ad61611e8 9fd49931f6
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit dfe5af141381c3e 0cf9e0ad61611e8 9fd49931f6
Author: Karla Felix <email address hidden>
Date: Wed Jan 11 15:30:56 2023 -0300
Update severity check and cert-alarm override
Updating check for user input in severity value, and alarm disabled. For the severity value updating the check disabled changing the conditions to clear the existing
enabled/
and Logging when an user override exist. In case of alarm
enabled/
alarms for the certificate when the user disable the alarm.
Test Plan:
PASS: Add user override in the certificate and check if the severity
cert- alarm will use now a user custom value for the severity.
changes in the cert-alarm alarm.
PASS: Add user override and check for the custom log warning that the
PASS: Disable the alarm for the certificate and check if all related
alarms have been cleared.
PASS: Change the field back to Enabled and check if all alarms is
raised.
Closes-Bug: 2002823 e4422df360fdf56 0602fec95f8
Signed-off-by: Karla Felix <email address hidden>
Change-Id: I032ef6e880fbed