Bug 2002811

Summary: KCM does not use web identity credentials
Product: OpenShift Container Platform
Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: Cloud Compute
Assignee: Seth Jennings <sjenning>
Cloud Compute sub component: Cloud Controller Manager
QA Contact: Milind Yadav <miyadav>
Status: CLOSED ERRATA
Docs Contact:
Severity: medium
Priority: unspecified
CC: aos-bugs, maszulik, mfedosin, sjenning
Version: 4.8
Target Milestone: ---
Target Release: 4.9.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-11-22 21:47:05 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2002808
Bug Blocks:

Description OpenShift BugZilla Robot 2021-09-09 18:49:49 UTC
+++ This bug was initially created as a clone of Bug #2002808 +++

Description of problem:
See https://github.com/kubernetes/kubernetes/pull/104314#issue-709659173

Version-Release number of selected component (if applicable):
4.8

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:
role_arn and web_identity_token_file are not used by the custom AWS credential chain defined by the in-tree cloud provider.

Expected results:
Default credential chain is used and web identity credentials work.

Additional info:
A number of customers are wanting OCP to run with only STS credentials (no user access ids/keys). This is recommended by AWS. Hypershift is doing this. OCP can't run in STS-only mode until this is fixed.
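
A check for the STS-only goal described above, as an added example (not code from this bug, Kubernetes or OpenShift): it classifies each profile of an AWS shared config/credentials file by whether it relies on role_arn plus web_identity_token_file or still carries static access keys. The sample file contents, account ID, role name, token path, and the names AuditProfiles and Finding are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: placeholder account ID, role name, token path and keys.
const sample = `[default]
role_arn = arn:aws:iam::123456789012:role/example-kcm
web_identity_token_file = /var/run/secrets/example/token
[profile legacy]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = constructed-not-a-secret
`

// Finding classifies one profile. WebIdentity: role_arn and
// web_identity_token_file are both set. StaticKeys: a long-lived key is set.
type Finding struct {
	Profile                 string
	WebIdentity, StaticKeys bool
}

// AuditProfiles parses INI-style text and returns one Finding per profile.
func AuditProfiles(text string) []Finding {
	var out []Finding
	name, seen := "", map[string]bool{} // seen holds "profile/key" entries
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		kv := strings.SplitN(line, "=", 2)
		switch {
		case line == "" || line[0] == '#' || line[0] == ';': // blank or comment
		case line[0] == '[' && strings.HasSuffix(line, "]"): // new profile section
			name = strings.TrimSpace(strings.TrimPrefix(line[1:len(line)-1], "profile "))
			out = append(out, Finding{Profile: name})
		case len(kv) == 2 && strings.TrimSpace(kv[1]) != "": // ignore empty values
			seen[name+"/"+strings.ToLower(strings.TrimSpace(kv[0]))] = true
		}
	}
	for i, f := range out {
		p := f.Profile + "/"
		out[i].WebIdentity = seen[p+"role_arn"] && seen[p+"web_identity_token_file"]
		out[i].StaticKeys = seen[p+"aws_access_key_id"] || seen[p+"aws_secret_access_key"]
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", AuditProfiles(sample))
}
```

A profile with WebIdentity true and StaticKeys false matches the STS-only setup; a profile where only one of the two web identity keys has a value is reported as WebIdentity false.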

Comment 5 Seth Jennings 2021-11-09 14:34:59 UTC
Fixed in https://github.com/openshift/kubernetes/pull/985

Comment 11 errata-xmlrpc 2021-11-22 21:47:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.8 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4712