Bug 2039161

Summary: Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected
Product: OpenShift Container Platform
Reporter: Rachael <rgeorge>
Component: Console Storage Plugin
Assignee: Rishabh Bhandari <rbhandar>
Status: CLOSED ERRATA
QA Contact: Rachael <rgeorge>
Severity: medium
Docs Contact:
Priority: low
Version: 4.10
CC: aos-bugs, jefbrown, madam, mmuench, nthomas, ocs-bugs, vbadrina
Target Milestone: ---
Target Release: 4.11.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2093848
Environment:
Last Closed: 2022-08-10 10:41:42 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 2093848
Attachments:
Description: Security and network page, Flags: none

Description Rachael 2022-01-11 06:01:11 UTC
Created attachment 1850009
Security and network page

Description of problem (please be detailed as possible and provide log
snippets):

During storagesystem creation, on the Security and network page, when cluster-wide encryption is enabled using KMS, the token field has a note below it which states

"Create a secret with the token for every namespace using encrypted PVCs."

This statement is only valid for storageclass encryption and should not be displayed when only cluster-wide encryption is selected, as shown in the screenshot attached. 

It would also be better to mention that the namespaces where the encrypted PVCs are created using the encryption-enabled SC created as part of the deployment are where the secret with the given token needs to be created. The current statement is a bit misleading, since there can be multiple encryption-enabled SCs, and not all of them may require tokens, and not all of them may use the same token.


Version of all relevant components (if applicable):
---------------------------------------------------

OCP: 4.10.0-0.nightly-2022-01-10-144202
ODF: odf-operator.v4.10.0   OpenShift Data Foundation     4.10.0                          Succeeded   full_version=4.10.0-79


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
No

Is there any workaround available to the best of your knowledge?
N/A

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
1

Is this issue reproducible?
Yes

Can this issue be reproduced from the UI?
Yes
Yes

If this is a regression, please provide more details to justify this:
No

Steps to Reproduce:
1. Install the ODF operator 
2. Go to Installed Operators -> OpenShift Data Foundation -> Create StorageSystem
3. Select deployment type and backing storage type and click on Next
4. Select Capacity and nodes and click on Next
5. Click on "Enable data encryption for block and file storage"
6. Select "Cluster-wide encryption" from encryption level 
7. Select "Connect to an external key management service". Ensure that the Authentication method is set to Token


Actual results:

The note is displayed under the token field


Expected results:

The note should be displayed only if storageclass encryption is selected.

Comment 2 Vineet 2022-02-01 11:09:07 UTC
Moving to the right component

Comment 8 Rishabh Bhandari 2022-06-17 06:14:08 UTC
Moving to `ON_QA` since 2093848 also got moved to the `ON_QA` state.

Comment 12 errata-xmlrpc 2022-08-10 10:41:42 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069