There seems to be 2 issues with this fix in 4.6.0-0.nightly-2020-10-07-093101: 1.) if you do not run the cluster deletion command with debug level logs enabled the error regarding invalid credentials is never displayed 2.) There is a much more serious issue that occurs where the deletion appears to succeed and there is no indication of the bad credentials (unless debug logs are used) and further not only does the installer not delete the cluster (it can't due to bad credentials) it removes the locally stored metadata which makes removal of the cluster resources a manual process. Attempt to delete with invalid credentials: [m@localhost 46-azure-install]$ ./openshift-install destroy cluster --dir clusters/mgahagan-090810 --log-level=debug DEBUG OpenShift Installer 4.6.0-0.nightly-2020-10-07-093101 DEBUG Built from commit bff124c9941762d2532490774b3f910241bd63f6 INFO Credentials loaded from file "/home/m/.azure/osServicePrincipal.json" DEBUG deleting public records DEBUG azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/mgahagan-090810-n4vnb-rg/providers/Microsoft.Network/dnsZones?%24top=100&api-version=2018-03-01-preview: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: b7bfa8d2-56c3-4ea0-be5f-71dea28f7b00\r\nCorrelation ID: cb123619-b0f5-4756-945d-e1c25c0e334f\r\nTimestamp: 2020-10-08 14:58:00Z","error_codes":[7000215],"timestamp":"2020-10-08 14:58:00Z","trace_id":"b7bfa8d2-56c3-4ea0-be5f-71dea28f7b00","correlation_id":"cb123619-b0f5-4756-945d-e1c25c0e334f","error_uri":"https://login.microsoftonline.com/error?code=7000215"} DEBUG deleting resource group DEBUG azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourcegroups/mgahagan-090810-n4vnb-rg?api-version=2018-05-01: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: e119e1e8-c0fd-4b47-989d-4697d9527600\r\nCorrelation ID: 4ffe51d2-cdc0-4b74-aca3-210ba03230ca\r\nTimestamp: 2020-10-08 14:58:00Z","error_codes":[7000215],"timestamp":"2020-10-08 14:58:00Z","trace_id":"e119e1e8-c0fd-4b47-989d-4697d9527600","correlation_id":"4ffe51d2-cdc0-4b74-aca3-210ba03230ca","error_uri":"https://login.microsoftonline.com/error?code=7000215"} DEBUG deleting application registrations DEBUG Purging asset "Metadata" from disk DEBUG Purging asset "Terraform Variables" from disk DEBUG Purging asset "Kubeconfig Admin Client" from disk DEBUG Purging asset "Kubeadmin Password" from disk DEBUG Purging asset "Certificate (journal-gatewayd)" from disk DEBUG Purging asset "Cluster" from disk INFO Time elapsed: 1s If --log-level=debug is not specified then the user only sees the INFO lines which may mislead them to believe the cluster was actually removed. Attempt to delete after credentials are corrected: [m@localhost 46-azure-install]$ ./openshift-install destroy cluster --dir clusters/mgahagan-090810 --log-level=debug DEBUG OpenShift Installer 4.6.0-0.nightly-2020-10-07-093101 DEBUG Built from commit bff124c9941762d2532490774b3f910241bd63f6 FATAL Failed while preparing to destroy cluster: open clusters/mgahagan-090810/metadata.json: no such file or directory Successful attempt to delete cluster with correct credentials and the cluster installation directory restored from backup: [m@localhost 46-azure-install]$ ./openshift-install destroy cluster --dir clusters/mgahagan-090810.bak INFO Credentials loaded from file "/home/m/.azure/osServicePrincipal.json" INFO deleted record=api.mgahagan-090810 INFO deleted record="*.apps.mgahagan-090810" INFO deleted resource group=mgahagan-090810-n4vnb-rg INFO deleted appID=fbecc025-88e5-4447-9921-5ab1b0a9962c INFO deleted appID=777cfa32-c77a-4f60-bcd1-cee8abb877cc INFO deleted appID=285a4b7f-52f5-45f5-8611-17634640df7d INFO Time elapsed: 17m0s
This is not a 4.6.0 blocker, moving to 4.7.0.
Confirmed install fails quickly when trying to delete a cluster with invalid credentials with 4.7.0-0.nightly-2020-11-05-140313 [m@localhost 47_azure-install]$ ./openshift-install destroy cluster --dir clusters/mgahagan-120511 INFO Credentials loaded from file "/home/m/.azure/osServicePrincipal.json" FATAL Failed to destroy cluster: [unable to authenticate when deleting public DNS records: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to <subscription and other information redacted>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633