Description of the problem: In STS enabled env, followed the instruction - https://raw.githubusercontent.com/rh-mobb/documentation/25e373904a83846de7da4ad7a99dc2b487229163/docs/acm/observability/rosa/README.md to create thanos-object storage - without AWS access key, but MCO CR reports error about it. ``` - lastTransitionTime: "2022-03-14T03:32:21Z" message: no s3 access_key in config file reason: ObjectStorageConfInvalid status: "False" type: Failed ``` Release version: 2.5 Operator snapshot version: OCP version: ROSA 4.9 - STS enabled Browser Info: Steps to reproduce: 1. Setup one STS enabled ROSA cluster, and deploy ACM 2.5 2. followed above instruction to create S3 bucket, policy and role 3. followed above instruction to create one thanos object secret without access key 4. deploy MCO CR, the status still in running due to `no s3 access_key in config file` 5. But the metrics data are forward to the bucket. Actual results: Expected results: Additional info:
Verified by 2.5.0-DOWNSTREAM-2022-04-20-06-50-05, issue is fixed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:4956
This comment was flagged a spam, view the edit history to see the original text if required.
RFE Copy secret with specific secret namespace, name for source and ... MCOCR reports object-storage secret without AWS access_key in STS. https://www.myloyola.net/
Can you please share us an image depicting the issue? https://www.myallsaversconnect.net/
Bug 2063697 is related to the observability of object storage secrets in a Secure Token Service (STS) enabled environment. In this bug report, it is highlighted that MCOCR (Managed Cloud Object Storage Configuration Reports) is reporting object storage secrets without AWS access_key in such an environment. This can potentially expose sensitive information, making it a security risk. To provide more context, STS is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users. In such an environment, MCOCR should not report the AWS access_key in the object storage secrets, as it is unnecessary and can pose a security risk. The bug report suggests that the issue could be resolved by modifying MCOCR to exclude the access_key from the object storage https://www.tellhappystar.org/ secrets when STS is enabled. By doing so, the security of the system could be improved by reducing the potential exposure of sensitive information. Overall, Bug 2063697 highlights the importance of observability in ensuring the security of sensitive information, particularly in STS enabled environments.
That’s what I was looking for, what an info present here at this website, thank you admin! https://www.mybkexperience.one/
I found a lot of interesting information here. https://www.prepaidgiftbalance.vip/
Thanks for sharing. It's so interesting. https://www.utsa-blackboard.com/