Bug 2055894

Summary: CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API
Product: OpenShift Container Platform Reporter: Akhil Rane <arane>
Component: Cloud Credential OperatorAssignee: Nobody <nobody>
Status: CLOSED ERRATA QA Contact: wang lin <lwan>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.10CC: wking
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-10 16:44:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2055821    

Description Akhil Rane 2022-02-17 21:11:26 UTC 
Description of problem:

With the upcoming sunset of the Azure AD Graph API on June 30 2022, CCO will no longer be able to reliably create ServicePrincipals while processing a CredentialsRequest in Mint mode. We cannot transition to a new API yet as Go SDK support is not production ready.


Version-Release number of selected component (if applicable):
4.10

How reproducible:
Always (after June 30 2022)

Steps to Reproduce:
1. Install OpenShift cluster on Azure in Mint mode after June 30 2022

Actual results:
CCO will fail to provision Credentials Request and cluster install will not succeed

Expected results:
CCO should be able to provision Credentials Request and cluster install should succeed

Additional info:

Link to azure announcement indicating that Azure AD Graph API will be sunset - https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363
Comment 1 Akhil Rane 2022-02-17 21:13:23 UTC 
This issue is resolved in this PR - https://github.com/openshift/cloud-credential-operator/pull/435
Comment 4 errata-xmlrpc 2022-03-10 16:44:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056