Hide Forgot
Description of problem: Manifests with annotation "release.openshift.io/delete" set to "true" are marked for in-cluster deletion. Ccoctl tool currently does not ignore these while creating cloud infra. Version-Release number of selected component (if applicable): 4.10 How reproducible: Always Steps to Reproduce: 1. Extract CredentialsRequests from a release image that has some CredentialsRequest marked for deletion with annotation "release.openshift.io/delete" set to "true" 2. Try creating credentials infrastructure using ccoctl with extracted CredntialsRequest Actual results: Ccoctl will create cloud resources for ignored CredentialsRequests Expected results: Ccoctl should not create cloud resources for ignored CredentialsRequests Additional info:
Verified on version 4.10.0-0.nightly-2021-12-25-025639 ###ibmcloud ./ccoctl alibabacloud create-ram-users --name lwan-alicloud-1227 --region=ap-northeast-1 --credentials-requests-dir credrequests-alibabacloud --output-dir=./ali-secret 2021/12/27 17:10:05 Ignoring CredentialsRequest openshift-cloud-credential-operator/cco-test-stale-alibaba as it is marked for in-cluster deletion 2021/12/27 17:10:05 Created RAM User: lwan-alicloud-1227-openshift-machine-api-alibabacloud-credential ### no ram-users create for CR deletion with annotation "release.openshift.io/delete" set to "true" $aliyun ims ListUsers | grep lwan-alicloud-1227 | grep stale $ Nothing output ### The same result on aws/gcp/ibm cloud
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056