Bug 2258015

Summary: Client onboarding token generation from UI is not working for upgraded provider clusters
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: Amrita Mahapatra <ammahapa>
Component: odf-operatorAssignee: Bipul Adhikari <badhikar>
Status: CLOSED ERRATA QA Contact: Amrita Mahapatra <ammahapa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.14CC: badhikar, muagarwa, nberry, nigoyal, odf-bz-bot, resoni
Target Milestone: ---   
Target Release: ODF 4.15.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: isf-provider
Fixed In Version: 4.15.0-125 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-03-19 15:31:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Amrita Mahapatra 2024-01-12 06:50:40 UTC 
Description of problem (please be detailed as possible and provide log
snippests):
Client onboarding token generation from UI is not working for upgraded provider clusters when both private and public keys are available in the console.

Version of all relevant components (if applicable):
ODF version: 4.14.4-4.fusion-hci
OCP version: 4.14.5


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)? no


Is there any workaround available to the best of your knowledge? yes we can trigger the onboarding token from CLI


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)? 3


Can this issue reproducible? yes


Can this issue reproduce from the UI? yes


If this is a regression, please provide more details to justify this: NA


Steps to Reproduce:
1. Create one provider-client hci cluster with odf version prior to 4.14.4-4
2. Create onboarding token for client outside odf using token generation script.
3. Storage-client successfully onboarded
4. Upgrade the provider-client cluster to odf 4.14.4-4
5. Apply below:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: oauth-proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
  resources:
  - tokenreviews
  verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
  resources:
  - subjectaccessreviews
  verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: oauth-proxy-role-binding
subjects:
- kind: ServiceAccount
  name: ux-backend-server
  namespace: openshift-storage
roleRef:
  kind: ClusterRole
  name: oauth-proxy-role
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ux-backend-server
  namespace: openshift-storage
---
6. Check ux-backend-server pod is up and running
7. Check below secrets are available under secrets for 'openshift-storage' namespace
onboarding-secret-generator-dockercfg
onboarding-secret-generator-token  and 
onboarding-ticket-key

8. Check onboarding-secret-generator job is not available.
9. Delete onboarding-ticket-key
10. Check onboarding-secret-generator job triggered and moved to 'Completed' status
11. Check below secrets are available under secrets for 'openshift-storage' namespace
onboarding-private-key
onboarding-secret-generator-dockercfg
onboarding-secret-generator-token  and 
onboarding-ticket-key

12. Select 'Generate client onboarding token' option from 'Storage --> Storage clients' page.


After upgrade,
- client onboarding tickets are not generating from UI, although private and public keys are available, its getting stuck at processing.

Expected results:
After upgrade,should be able to generate client onboarding tickets afrom UI when both private and public keys are available.


Additional info:
Comment 2 Bipul Adhikari 2024-01-17 08:09:37 UTC 
This requires changes on the odf-operator.
Comment 9 errata-xmlrpc 2024-03-19 15:31:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.15.0 security, enhancement, & bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:1383