StarlingX

show-certs.sh incorrectly shows oidc CA as "manual"

Bug #2052327 reported by ayyappa
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
ayyappa

Bug Description

Brief Description
-----------------
show-certs.sh shows wrong OIDC CA information

Severity
------
Minor - this is a minor inconsistency, but is causing user confusion

Steps to Reproduce
-------------------
1)the OIDC cloudplatform-rootca-certificate shows as "manual" in the show-certs.sh output even though it is managed by cert-manager

 OIDC CA / kube-system/cloudplatform-rootca-certificate/ca.crt CERTIFICATE:
 ------------------------------------------
         Renewal : Manual
         Namespace : kube-system
         Secret : cloudplatform-rootca-certificate
         Subject : CN = cloudplatform-rootca
         Issuer : CN = cloudplatform-rootca
         Issue Date : Feb 2 08:06:01 2024 GMT
         Expiry Date : Jan 31 08:06:01 2029 GMT
         Residual Time : 1824d

Expected Behavior
----------------

the script should show proper output for OIDC certs

Actual Behavior
--------------
wrongly shows OIDC certs renewal as "manual"

Reproducibility
-------------------
100% Reproducible

System Configuration
------------------

all lab types

Load info (eg: 2022-03-10_20-00-07)

stx.8.0

Branch/Pull Time/Commit
-----------------------
NA.

Last Pass
--------
N/A Day one config

Timestamp/Logs
------------
NA.

Alarms
------
N/A

Test Activity
--------------
Debugging Request

Workaround
-----------
Not required.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to utilities (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/utilities/+/907632

Changed in starlingx:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to utilities (master)

Reviewed: https://review.opendev.org/c/starlingx/utilities/+/907632
Committed: https://opendev.org/starlingx/utilities/commit/dd8de74064d0739f199185cab52fdd1e74b7d620
Submitter: "Zuul (22348)"
Branch: master

commit dd8de74064d0739f199185cab52fdd1e74b7d620
Author: amantri <email address hidden>
Date: Fri Feb 2 15:03:15 2024 -0500

    Fix OIDC CA cert info in the show-certs.sh output

    The OIDC CA cert "issuer_root_ca_secret" renewal shows as "Manual"
    instead of "Automatic" when the corresponding secret exist and
    managed by cert-manager, this fix addresses this issue.

    Test Cases:
    PASS: Apply oidc app and run show-certs script and verify all
          oidc cert info is properly displayed
    PASS: Apply WRA app and run show-certs script and verify all
          oidc cert info is properly displayed
    PASS: Run show-certs.sh script info on DC system and verify all
          the certs info is properly displayed
    PASS: Run show-certs.sh with -k option and verify that all the
          certificate info is properly displayed
    PASS: Deploy system-restapi-gui-certificate,system-registry-
          local-certificate,oidc-auth-apps-certificate and run
          show-certs.sh script and verify that all certificate values
          are showing fine and also renewal field shows as "Automatic
          [cert-manager]"

    Closes-Bug: 2052327

    Change-Id: Ieef047d5143fce522bf534d5d9ac663e9293e036
    Signed-off-by: amantri <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
assignee: nobody → ayyappa (mantri425)
Ghada Khalil (gkhalil)
tags: added: stx.9.0 stx.security
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.