StarlingX

show-certs.sh incorrectly shows some cert renewal as "manual"

Bug #2051880 reported by ayyappa
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
ayyappa

Bug Description

Brief Description
-----------------
show-certs.sh shows wra certs renewal as "manaual" even though those are managed by cert-manager
Severity
------
Minor - this is a minor inconsistency, but is causing user confusion

Steps to Reproduce
-------------------
1)Run "show-certs.sh" on WRA system and notice that the following certs, renewal shown as "Manual" instead of automatic

 Internal Analytics CA Certificate / monitor/mon-elastic-services-secrets/ca.crt CERTIFICATE:
 ------------------------------------------
         Renewal : Manual
         Namespace : monitor
         Secret : mon-elastic-services-secrets
         Subject : CN = wr-analytics-internal-ca
         Issuer : CN = wr-analytics-internal-ca
         Issue Date : Jan 31 15:42:29 2024 GMT
         Expiry Date : Aug 1 03:42:29 2024 GMT
         Residual Time : 182d

 External Analytics CA Certificate / monitor/mon-elastic-services-secrets/ext-ca.crt CERTIFICATE:
 ------------------------------------------
         Renewal : Manual
         Namespace : monitor
         Secret : mon-elastic-services-secrets
         Subject : CN = wr-analytics-external-ca
         Issuer : CN = wr-analytics-external-ca
         Issue Date : Jan 31 15:42:29 2024 GMT
         Expiry Date : Aug 1 03:42:29 2024 GMT
         Residual Time : 182d

Expected Behavior
----------------

the script should show proper output for WRA certs

Actual Behavior
--------------
wrongly shows WRA certs renewal as "manual"

Reproducibility
-------------------
100% Reproducible

System Configuration
------------------

all lab types

Load info (eg: 2022-03-10_20-00-07)

stx.8.0

Branch/Pull Time/Commit
-----------------------
NA.

Last Pass
--------
N/A Day one config

Timestamp/Logs
------------
NA.

Alarms
------
N/A

Test Activity
--------------
Debugging Request

Workaround
-----------
Not required.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to utilities (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/utilities/+/907358

Changed in starlingx:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to utilities (master)

Reviewed: https://review.opendev.org/c/starlingx/utilities/+/907358
Committed: https://opendev.org/starlingx/utilities/commit/8d7d74f97c3d2890d09fe6b2971260a091065d54
Submitter: "Zuul (22348)"
Branch: master

commit 8d7d74f97c3d2890d09fe6b2971260a091065d54
Author: amantri <email address hidden>
Date: Wed Jan 31 15:58:39 2024 -0500

    Fix WRA cert info in the show-certs.sh output

    When fgrep'ing for "ca.crt","ext-ca.crt" in the WRA secret "mon-elastic-
    services-secrets" it is finding matches for "ca.crt:","ca.crt-helm:" and
    "ext-ca.crt:","ext-ca.crt-helm:" respectively, this fails an if clause
    where it checks whether it is managed by cert-manager and wrongly
    displaying the renewal as "Manual" instead of "Automatic",this fix
    addresses this issue by hardening the fgrep to look for "ca.crt:" and
    "ext-ca.crt:" respectively.

    Test Cases:
    PASS: Run "show-certs.sh" script and verify that all information for WRA
          certs properly in the output
    PASS: "show-certs.sh -k" script and verify that all information for WRA
          certs properly in the output

    Closes-Bug: 2051880

    Change-Id: I73af1ebd60a0c750569381b6ed67108f79dbb69e
    Signed-off-by: amantri <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
summary: - show-certs.sh shows wra certs as "manual"
+ show-certs.sh incorrectly shows some cert renewal as "manual"
Ghada Khalil (gkhalil)
tags: added: stx.9.0 stx.security
Changed in starlingx:
assignee: nobody → ayyappa (mantri425)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.