Bug 1910372
Summary: | Passthrough credentials are not immediately re-distributed on update | | |
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Akhil Rane <arane> |
Component: | Cloud Credential Operator | Assignee: | Akhil Rane <arane> |
Status: | CLOSED ERRATA | QA Contact: | wang lin <lwan> |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | 4.6 | CC: | arane, dgoodwin, dgoodwin, jdiaz, lwan, molasaga, nstielau, rsandu, wking |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | 4.6.z | Flags: | arane: needinfo+ |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | 1899515 | Environment: | |
Last Closed: | 2021-02-22 13:54:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1899515 | | |
Bug Blocks: | | | |

Comment 1
Nick Stielau
2021-02-03 19:24:50 UTC
A blocker in what way? For 4.6?

Verified on 4.6.0-0.nightly-2021-02-17-215814

For aws/gcp/azure/vsphere/openstack, when installing a cluster with a secret that only has passthrough permissions (in other words, cco is in passthrough mode), after installation, updating the root cred to another one (which only has passthrough permission too), cco will immediately update all those related secrets.

Hi Akhil, there is a situation: if cco is in mint mode in the beginning, then updating the root creds to one that only has passthrough permission, cco will verify the root secret and set the annotation to passthrough mode in the root secret CR, like "cloudcredential.openshift.io/mode": "passthrough". But in this situation, if I update the root creds to another one which only has passthrough permission too, it will not follow this logic; cco will not update those related secrets. Do we need to cover this situation, or do we need to document that this is not supported? The cco definitely is in passthrough mode now, but it can't immediately update those related secrets in this situation.

I have asked Devan this question before. His suggestion is that we don't need to consider this situation at this time. I always feel that this is a possible scenario; if we need to cover this scenario later, I will file a new bug to track it. Move this bug to Verified first.

https://issues.redhat.com/browse/HIVE-1286?focusedCommentId=15507308&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-15507308

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.18 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0510

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days