Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Labels:
None

Story Points:
2
Blocked:
False
Ready:
False
Epic Link:
Support AWS Security Token Service
Feature Link:
OCPPLAN-5656 - AWS STS - Security Token Service
Release Note Text:
Undefined

Sprint:
Hive Sprint 197, Hive Sprint 198

SFDC Cases Links:
SFDC Cases Counter:

Description

The tool should be able to upload an OpenID Connect (OIDC) configuration to an S3 bucket, and create an AWS IAM Identity Provider that trusts identities from the OIDC provider. It should take infra name as input so that user can identify all the resources created in AWS. Make sure that resources created in AWS are tagged appropriately.

Sample command with existing key pair:

tool-name create identity-provider <infra-name> --public-key ./path/to/public/key

Ensure the Identity Provider includes audience config for both the in-cluster components ('openshift') and the pod-identity-webhook ('sts.amazonaws.com').

Attachments

Issue Links

links to

openshift/cloud-credential-operator#302: CCO-67: Add command to setup OpenID Connect provider

Activity

People

Assignee:: Akhil Rane (Inactive)

Reporter:: Devan Goodwin

QA Contact:: Lin Wang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021/02/08 2:45 PM

Updated:: 2022/03/15 4:27 PM

Resolved:: 2021/04/15 9:52 AM