Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Blocker
Fix Version/s: openshift-4.14
Affects Version/s: None
Labels:

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
ARO Role granularity
Feature Link:
OCPSTRAT-506 - ARO Managed Identity
Intelligence Requested:
Market:

Target Version:

openshift-4.14

SFDC Cases Links:
SFDC Cases Counter:

Evaluate if any of the Azure predefined roles in the credentials request manifests of OpenShift cluster operators give elevated permissions. Remove any such predefined role from spec.predefinedRoles field and replace it with required permissions in the new spec.permissions field.

Investigation/effort required for following components:

Cloud Credential Operator
Cloud Controller Manager Operator
Machine API Operator
Cluster CAPI Operator
Cluster Image Registry Operator
Cluster Ingress Operator
Cluster Network Operator
Cluster Storage Operator

depends on

CCO-294 Update Azure Credentials Request manifest of the Cluster Network Operator to use new API field for requesting permissions

Closed

CCO-299 Update Azure Credentials Request manifest of the Cloud Credentials Operator to use new API field for requesting permissions

Closed

IR-363 Update Azure Credentials Request manifest of the Cluster Image Registry Operator to use new API field for requesting permissions

Closed

NE-1244 Update Azure Credentials Request manifest of the Cluster Ingress Operator to use new API field for requesting permissions

Closed

OCPCLOUD-2014 Update Azure Credentials Request manifest of the Machine API Operator to use new API field for requesting permissions

Closed

OCPCLOUD-2149 Azure: Convert Cloud Controller Manager and Node Manager to use CCO provided credentials instead of system-assigned identity

Closed

STOR-1274 Update Azure Credentials Request manifest of the Cluster Storage Operator to use new API field for requesting permissions

Closed

OCPCLOUD-2013 Update Azure Credentials Request manifest of the Cloud Controller Manager Operator to use new API field for requesting permissions

Closed

is depended on by

CCO-282 Azure OpenShift role granularity for Azure managed identity

Release Pending

relates to

OCPCLOUD-2012 Update ARO Credentials Request manifest of the Cluster CAPI Operator to use new API field for requesting permissions

Closed

(3 depends on, 1 is depended on by, 1 relates to)

Assignee:: Unassigned

Reporter:: Mike Worthington

QA Contact:: Mingxia Huang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/12/01 1:45 PM

Updated:: 2023/09/08 1:53 PM

Resolved:: 2023/09/08 1:53 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates