Description of problem:

I restored ACM hub in another ACM cluster following the ACM backup and restore procedure. The managed cluster in the original hub had this annotation so that it does not get re-imported by the original ACM hub.

  annotations:
    import.open-cluster-management.io/disable-auto-import: "" 

The managed cluster and everything appeared to be restored successfully and search.. etc were all functioning fine with the managed cluster in the restored ACM hub. However, the cluster proxy was not working. 

I did a simple cluster proxy test in the restored ACM hub.

TOKEN=$(oc whoami -t 2>/dev/null || kubectl get secret $(kubectl get sa default -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 -d)


curl -k -H "Authorization: Bearer $TOKEN" \
     https://cluster-proxy-user.apps.cnv-hub-2.dev11.red-chesterfield.com/cnv-spoke-1/version 

authentication failed: managed cluster auth: not authenticated, hub cluster auth error: Unauthorized

I saw the same authentication failure in the cluster-proxy agent log in the managed cluster.

I detached this restored managed cluster and re-imported it manually and the cluster proxy started working again.

Note: the managed cluster is not a hive cluster. It is a manually imported cluster.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

1.  
2.  
3. ...

Actual results:

Expected results:

Additional info: