Bug 1874367 - "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
Summary: "Create Backing Store" page doesn't allow to select already defined k8s secre...
Alias: None
Product: Red Hat OpenShift Container Storage
Classification: Red Hat Storage
Component: management-console
Version: 4.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: OCS 4.7.0
Assignee: Bipul Adhikari
QA Contact: Martin Bukatovic
Depends On: 1874192 1912421
TreeView+ depends on / blocked
Reported: 2020-09-01 08:01 UTC by Martin Bukatovic
Modified: 2021-05-19 09:15 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of: 1874192
Last Closed: 2021-05-19 09:15:04 UTC

Attachments (Terms of Use)
changing the Secret Key field when google is selected as provider (146.95 KB, image/png)
2020-11-19 11:05 UTC, Yuval
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:2041 0 None None None 2021-05-19 09:15:58 UTC

Description Martin Bukatovic 2020-09-01 08:01:39 UTC
+++ This bug was initially created as a clone of Bug #1874192 +++

Cloned to OCS product so that both OCP and OCS products can track the bug

Description of problem

When one opens "Create new Backing Store" form and selects "Google cloud
storage" as a provider, it's no longer possible to select k8s secret with
credentials. User can only select a file with credentials to be loaded.

This behavior is unique for GCP platform. For all other cloud storage
providers available in this form:

- AWS S3
- S3 Compatible
- Azure blob

The form shows "secret" form field, with an option to switch to credentials

I reported this bug based on OCS MCG dev's team evaluation of BZ 1873646:


Which suggests that user should have both options available (selecting either
already created secret or create new one).

Version-Release number of selected component

OCP: 4.5.0-0.ci-2020-08-31-005035
OCS: 4.5.0-543.ci

How reproducible


Steps to Reproduce

1. Install OCP/OCS cluster 
2. Open OCP Console, and navigate to OCS operator
3. Go to "Backing Store" tab (where you will see list of backing stores,
   such as noobaa-default-backing-store)
4. Click on "Create Backing Store" button
5. In "Create new Backing Store" page,
   for provider select "Google cloud storage"

Actual results

With "Google cloud storage" as selected provider, it's not possible to chose
k8s secret with authentication details for MCG to control the target bucket.

Expected results

User can specify the credentials for the storage bucket via both:

- already existing k8s secret
- entering/loading new secret via "credentials" mode

as is the case for all other platforms available in this form.

Comment 3 Michael Adam 2020-09-10 12:48:07 UTC
moving out of 4.5 for now

Comment 5 Elad 2020-09-13 11:05:19 UTC
As it was already reported, I don't see harm in keeping it open for tracking the OCP bug.
I don't know what's the final decision if to clone or not but up until now, we haven't cloned so I think we can keep it this way.

Comment 6 Ankush Behl 2020-09-14 06:44:39 UTC
@Yuval: We will need UX for this request so assigning it to you.

Comment 7 Yuval 2020-11-19 08:56:21 UTC
(In reply to Ankush Behl from comment #6)
> @Yuval: We will need UX for this request so assigning it to you.

ok, I will update the designs.

Comment 8 Yuval 2020-11-19 11:05:41 UTC
Created attachment 1730893 [details]
changing the Secret Key field when google is selected as provider

Comment 9 Yuval 2020-11-19 11:06:38 UTC
it's already fixed in the UI

Comment 10 Yuval 2020-11-24 16:07:17 UTC
see the link to the updated designs: https://marvelapp.com/prototype/98070cf/section/1199966

Comment 15 Martin Bukatovic 2021-02-04 23:31:25 UTC
Checking on GCP with:

OCP 4.7.0-0.nightly-2021-02-04-132953
OCS 4.7.0-250.ci


- via GCP Console, I created new bucket named "noobaabz1874367bucket"
- via OCP Console, I used "Create Backing Store" page to create new noobaa backing store, selecting GCP as a provider, switching to "secret" mode (from original json credentials upload mode) and selecting existing noobaa-gcp-bucket-creds secret, specifying noobaabz1874367bucket as a target bucket
- listing backing stores shows both noobaa-default-backing-store and new bz1874367backingstore in Ready state

No further verification steps were performed, as noobaa qe team hasn't indicated that it would be necessary during triage.

This matches behavior on other platforms, like AWS or Azure.


Comment 18 errata-xmlrpc 2021-05-19 09:15:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat OpenShift Container Storage 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.