Bug 2039161 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected
Summary: Note about token for encrypted PVCs should be removed when only cluster wide ...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Console Storage Plugin
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.11.0
Assignee: Rishabh Bhandari
QA Contact: Rachael
Depends On:
Blocks: 2093848
TreeView+ depends on / blocked
Reported: 2022-01-11 06:01 UTC by Rachael
Modified: 2022-08-10 10:42 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2093848 (view as bug list)
Last Closed: 2022-08-10 10:41:42 UTC
Target Upstream Version:

Attachments (Terms of Use)
Security and network page (79.29 KB, image/png)
2022-01-11 06:01 UTC, Rachael
no flags Details

System ID Private Priority Status Summary Last Updated
Github openshift console pull 10978 0 None open Bug 2039161: text visibility fixed 2022-02-01 11:09:32 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 10:42:09 UTC

Description Rachael 2022-01-11 06:01:11 UTC
Created attachment 1850009 [details]
Security and network page

Description of problem (please be detailed as possible and provide log

During storagesystem creation, on the Security and network page, when cluster-wide encryption is enabled using KMS, the token field has a note below it which states

"Create a secret with the token for every namespace using encrypted PVCs."

This statement is only valid for storageclass encryption and should not be displayed when only cluster-wide encryption is selected, as shown in the screenshot attached. 

It would also be better to mention that namespaces where the encrypted PVCs are created using the encryption enabled SC created as part of the deployment, is where the secret with the given token needs to be created. The current statement is a bit misleading, since there can be multiple encryption enabled SCs and not all of them may require tokens and not all of them may use the same token.

Version of all relevant components (if applicable):

OCP: 4.10.0-0.nightly-2022-01-10-144202
ODF: odf-operator.v4.10.0   OpenShift Data Foundation     4.10.0                          Succeeded   full_version=4.10.0-79

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?

Is there any workaround available to the best of your knowledge?

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?

Can this issue reproducible?

Can this issue reproduce from the UI?

If this is a regression, please provide more details to justify this:

Steps to Reproduce:
1. Install the ODF operator 
2. Go to Installed Operators -> Openshift Data Foundation -> Create StorageSystem
3. Select deployment type and backing storage type and click on Next
4. Select Capacity and nodes and click on Next
5. Click on "Enable data encryption for block and file storage"
6. Select "Cluster-wide encryption" from encryption level 
7. Select "Connect to an external key management service". Ensure that the Authentication method is set to Token

Actual results:

The note is displayed under the token field

Expected results:

The note should be displayed only if storageclass encryption is selected.

Comment 2 Vineet 2022-02-01 11:09:07 UTC
Moving to the right component

Comment 8 Rishabh Bhandari 2022-06-17 06:14:08 UTC
Moving to `ON_QA` since 2093848 also got moved to the `ON_QA` state.

Comment 12 errata-xmlrpc 2022-08-10 10:41:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.