I don't think this is a blocker, but want team's input.
A blocker in what way? For 4.6?
Verified on 4.6.0-0.nightly-2021-02-17-215814
For aws/gcp/azure/vsphere/openstack, when installing a cluster with secret only have passthrough peromissions(in other words, cco is in passthrough mode). after installation, updating root cred to another one(only have passthrough permission too), cco will immediately update all those related secrets.
there is a situation, if cco is in mint mode in the beginning, then updating root creds to the one only have passthrough permission, cco will verify the root secret and set annotation to passthrough mode in root sectet CR , like "cloudcredential.openshift.io/mode": "passthrough", but in this situation, if I update root creds to another one which only have passthrough permission too, it will not follow this logic,cco will not update those related secrets
Do we need to cover this situation, or do we need to document that this is not supported? the cco definitely is in passthrough mode now, but it can't immediately update those related secrets if in this situation.
I have asked Devan this question before, His suggestion is that we don't need to consider this situation at this time , I awlays feel that this is a possible scenario, if we need cover this scenario later, will file a new bug to track. Move this bug to Verified first.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (OpenShift Container Platform 4.6.18 bug fix update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.