Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Labels:
- AWS
- OCPBU-8
- hive-qe

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None

Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

In the new STS mode (cf. https://issues.redhat.com/browse/CCO-366), CCO creates/updates the target Secret depending on its existence - the Secret is created iff it does not exist yet. Under the hood (https://github.com/openshift/cloud-credential-operator/blob/0c629a5d0fcd1065ad6bda6a8d03976090178af4/pkg/operator/credentialsrequest/credentialsrequest_controller.go#L671) either the Create() or the Update() function is called.

The two aforementioned functions does the same thing as they both call the same sync function, in which CCO tries to createSTSSecret().

However this createSTSSecret() function fails when the target Secret already exists. So the target Secret cannot be updated.

blocks

CCO-366 Implement STS tokenized auth POC for production

Closed

links to

https://github.com/openshift/cloud-credential-operator/pull/545

Assignee:: Steve Kuznetsov (Inactive)

Reporter:: Feilian Xie (Inactive)

Need Info From:: None

Contributors:: None

Architect:: None

QA Contact:: Feilian Xie (Inactive)

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2023/07/02 5:03 PM

Updated:: 2025/07/30 11:35 AM

Resolved:: 2023/07/13 7:50 AM