alarm severity doesn't follow the severity set on the certificate object

Bug #2002823 reported by Karla Felix
Affects: StarlingX
Status: Fix Released
Importance: Low
Assigned to: Karla Felix

Bug Description

Brief Description

alarm severity doesn't follow the severity set on the certificate object

Severity

minor

Steps to Reproduce

1) Create any cert managed by cert-manager on the system. You can deploy the following by changing the lab details in the YAML:

---
apiVersion: v1
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJsekNDQVQ2Z0F3SUJBZ0lSQUlLV2NtMTE0dEVBdGtuWXNncjN2dkl3Q2dZSUtvWkl6ajBFQXdJd0tqRW8KTUNZR0ExVUVBeE1mVjFKVExWZFNRMUF0UTNWdGRXeDFjeTFUZEdWd1EyRWdVbTl2ZENCRFFUQWVGdzB5TURBMgpNVGd4TWpBeU16RmFGdzB6TURBMk1UWXhNakF5TXpGYU1Db3hLREFtQmdOVkJBTVRIMWRTVXkxWFVrTlFMVU4xCmJYVnNkWE10VTNSbGNFTmhJRkp2YjNRZ1EwRXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBUkMKZEU1bS9rRFp4c01oTVVVRUl6OC81ZUtldUoydkt0ZmY0dDZISjlpUi9yODkzREx1a09JaFBqN3VoREVzMHFRdQpid25HSW1RREhlQmNENUE1bEVtWW8wVXdRekFPQmdOVkhROEJBZjhFQkFNQ0FRWXdFZ1lEVlIwVEFRSC9CQWd3CkJnRUIvd0lCQVRBZEJnTlZIUTRFRmdRVWVQRmxEODAxMHNlYlI3cEhGV25pdE1JRXpoTXdDZ1lJS29aSXpqMEUKQXdJRFJ3QXdSQUlnV2dIYXE4QTZ3UFVFK2hKdVAydU5DdWFUNmo1d3diZmFSZ1pDaGpHcUJPNENJSFRCc2xjcwo3eGdwMjRLRUlJcXE2UFNUNFVYUkhJeFZsSDJsckpUcXUrRGEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUc0aHhUd0E5T3lqYktleEdVblEzdmw2NkZqRU80NlFRbUlTWThtMEJxWTdvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUW5ST1p2NUEyY2JESVRGRkJDTS9QK1hpbnJpZHJ5clgzK0xlaHlmWWtmNi9QZHd5N3BEaQpJVDQrN29ReExOS2tMbThKeGlKa0F4M2dYQStRT1pSSm1BPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
  name: stepca-root-secret
  namespace: deployment
type: kubernetes.io/tls
---
apiVersion: v1
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ3RENDQVdhZ0F3SUJBZ0lRUmo2Tk11Mmx1MG5LaFduenFROUtzakFLQmdncWhrak9QUVFEQWpBcU1TZ3cKSmdZRFZRUURFeDlYVWxNdFYxSkRVQzFEZFcxMWJIVnpMVk4wWlhCRFlTQlNiMjkwSUVOQk1CNFhEVEl3TURZeApPREV5TURJek4xb1hEVE13TURZeE5qRXlNREl6TjFvd01qRXdNQzRHQTFVRUF4TW5WMUpUTFZkU1ExQXRRM1Z0CmRXeDFjeTFUZEdWd1EyRWdTVzUwWlhKdFpXUnBZWFJsSUVOQk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMEQKQVFjRFFnQUVtMThSUmNlWDQ1NWZuVSt5RkRRQ29IR2dZaXp5OEVCbGI5UHgxa3BIS3B4ZysrTjFLUUVaWWp0dwpCWFNSUHdGdThXeUFoVkF0bDlZOVhHeEVDR3NXSjZObU1HUXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkCkV3RUIvd1FJTUFZQkFmOENBUUF3SFFZRFZSME9CQllFRkZSdGZWU2ZSYjcwOHlIWWtKODdxTUlJRnVmZ01COEcKQTFVZEl3UVlNQmFBRkhqeFpRL05OZExIbTBlNlJ4VnA0clRDQk00VE1Bb0dDQ3FHU000OUJBTUNBMGdBTUVVQwpJUUNiaTV4Y3YwZmtHR1dLWDZnanBSWXh6OS9OUzVRNUtkSTRibWFoYTg1U1FBSWdPeFErNU9ZeXFWQ2FtV0JDCm9pd1p5RHFUcmJDMlZUeXlWcDI0OWJrdE0vYz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU00WTF6dzZXNXJSZGI0YWU1NGFQSWphcHJxZHFCQitBZWZEZmw0d1FUbXBvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFbTE4UlJjZVg0NTVmblUreUZEUUNvSEdnWWl6eThFQmxiOVB4MWtwSEtweGcrK04xS1FFWgpZanR3QlhTUlB3RnU4V3lBaFZBdGw5WTlYR3hFQ0dzV0p3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
  name: stepca-ica-secret
  namespace: deployment
type: kubernetes.io/tls

Deploy a cert:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: oidc-auth-apps-certificate
  namespace: kube-system
spec:
  dnsNames:
  - yow2-xr11-032-033.cumulus.wrs.com
  duration: 432h0m0s
  ipAddresses:
  - 128.224.48.7
  issuerRef:
    kind: Issuer
    name: cloudplatform-rootca-issuer
  renewBefore: 25h0m0s
  secretName: oidc-auth-apps-certificate

Now change the severity of the certificate object to minor, and also the duration and renewBefore, to raise the alarm. Now, when the alarm is raised, the severity shows as "major".

Expected Behavior

The alarm severity level should follow the certificate object value.

Actual Behavior

alarm severity doesn't follow the severity set on the certificate object

Reproducibility

100%

System Configuration

yow2-xr11-032-033

Load info (eg: 2022-03-10_20-00-07)

BUILD_DATE="2022-12-12 03:00:09 +0000"

Last Pass

Timestamp/Logs

na

Alarms

na

Test Activity

Regression testing

Workaround

Describe workaround if available

Karla Felix (kkarolin)
Changed in starlingx:
assignee: nobody → Karla Felix (kkarolin)
Changed in starlingx:
status: New → In Progress
Ghada Khalil (gkhalil)
description: updated
tags: added: stx.fault stx.security
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/869869
Committed: https://opendev.org/starlingx/config/commit/dfe5af141381c3e0cf9e0ad61611e89fd49931f6
Submitter: "Zuul (22348)"
Branch: master

commit dfe5af141381c3e0cf9e0ad61611e89fd49931f6
Author: Karla Felix <email address hidden>
Date: Wed Jan 11 15:30:56 2023 -0300

    Update severity check and cert-alarm override

    Updating check for user input in severity value, and alarm
    enabled/disabled. For the severity value, updating the check
    and logging when a user override exists. In case of alarm
    enabled/disabled, changing the conditions to clear the existing
    alarms for the certificate when the user disables the alarm.

    Test Plan:

    PASS: Add user override in the certificate and check if the severity
          changes in the cert-alarm alarm.
    PASS: Add user override and check for the custom log warning that the
          cert-alarm will now use a user custom value for the severity.
    PASS: Disable the alarm for the certificate and check if all related
          alarms have been cleared.
    PASS: Change the field back to Enabled and check if all alarms are
          raised.

    Closes-Bug: 2002823
    Signed-off-by: Karla Felix <email address hidden>
    Change-Id: I032ef6e880fbede4422df360fdf560602fec95f8

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.8.0
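
An added example, not code from StarlingX or from the fix referenced above: Python illustrating the behaviour the commit message describes, where a valid user severity override replaces the default, the override is logged, and disabling the alarm clears one that is already raised. The key names, the list of valid severities and the default of major are assumptions made for illustration.

```python
import logging

LOG = logging.getLogger("cert_alarm_example")

# Assumed names and values for illustration; not taken from the StarlingX code.
SEVERITY_KEY = "alarm-severity"
ENABLED_KEY = "alarm"
VALID_SEVERITIES = ("critical", "major", "minor", "warning")
DEFAULT_SEVERITY = "major"


def effective_severity(overrides):
    """Return the severity to raise with, honouring a valid user override."""
    raw = overrides.get(SEVERITY_KEY)
    if raw is None:
        return DEFAULT_SEVERITY
    value = str(raw).strip().lower()
    if value not in VALID_SEVERITIES:
        # Reject unknown input instead of passing it to the alarm system.
        LOG.warning("Ignoring invalid severity %r; using %s", raw, DEFAULT_SEVERITY)
        return DEFAULT_SEVERITY
    if value != DEFAULT_SEVERITY:
        LOG.warning("Using user-defined severity %s", value)
    return value


def alarm_enabled(overrides):
    """The alarm is on unless the user explicitly disabled it."""
    return str(overrides.get(ENABLED_KEY, "enabled")).strip().lower() != "disabled"


def reconcile(cert_name, overrides, expiring, active_alarms):
    """Update active_alarms (dict: cert name -> severity) for one certificate."""
    if not alarm_enabled(overrides) or not expiring:
        # Disabling the alarm must also clear one that is already raised.
        active_alarms.pop(cert_name, None)
        return active_alarms
    # Re-raise with the current effective severity so that a changed
    # override replaces the severity of an alarm that is already active.
    active_alarms[cert_name] = effective_severity(overrides)
    return active_alarms
```
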