Created attachment 1850009 [details]
Security and network page
Description of problem (please be detailed as possible and provide log
During storagesystem creation, on the Security and network page, when cluster-wide encryption is enabled using KMS, the token field has a note below it which states
"Create a secret with the token for every namespace using encrypted PVCs."
This statement is only valid for storageclass encryption and should not be displayed when only cluster-wide encryption is selected, as shown in the screenshot attached.
It would also be better to mention that namespaces where the encrypted PVCs are created using the encryption enabled SC created as part of the deployment, is where the secret with the given token needs to be created. The current statement is a bit misleading, since there can be multiple encryption enabled SCs and not all of them may require tokens and not all of them may use the same token.
Version of all relevant components (if applicable):
ODF: odf-operator.v4.10.0 OpenShift Data Foundation 4.10.0 Succeeded full_version=4.10.0-79
Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Is there any workaround available to the best of your knowledge?
Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
Can this issue reproducible?
Can this issue reproduce from the UI?
If this is a regression, please provide more details to justify this:
Steps to Reproduce:
1. Install the ODF operator
2. Go to Installed Operators -> Openshift Data Foundation -> Create StorageSystem
3. Select deployment type and backing storage type and click on Next
4. Select Capacity and nodes and click on Next
5. Click on "Enable data encryption for block and file storage"
6. Select "Cluster-wide encryption" from encryption level
7. Select "Connect to an external key management service". Ensure that the Authentication method is set to Token
The note is displayed under the token field
The note should be displayed only if storageclass encryption is selected.
Moving to the right component
Moving to `ON_QA` since 2093848 also got moved to the `ON_QA` state.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.