OpenShift API for Data Protection: OADP-3340

Support the standardized Azure Identity configuration flow via OLM and CCO for OADP in OCP 4.15


      Re-review on 04/25 - CloudStorage API for 1.5.0

      1. Current status
          1. AWS supported
          2. GCP not
          3. Azure not
      2. Cloud credential operator
          1. CCO does support WIF and Azure for standardized flow as of 4/2025

      High-level breakdown of required work:

        1. Work - Part: CCO
             1. Get credentials for Azure; we have GCP WIF, we have creds for AWS.
             2. Put the current [AWS CCO code](https://github.com/openshift/oadp-operator/blob/338e8d5e9382d19be8b0debbe0ea454d73b4c26e/cmd/main.go#L139) in an AWS if statement
             3. Add GCP WIF if statement
             4. Add Azure STS if statement
             5. Validate w/ QE/Wes helping CCO install from operator web UI... verify that secrets exist and backup works.
        2. Work - Part: Cloud Storage API
             1. AWS bucket creation code is [here](https://github.com/openshift/oadp-operator/blob/master/pkg/bucket/aws.go#L55)
             2. Create code for GCP bucket creation
             3. Create code for Azure bucket creation
        3. Work - Part: BSL Creation
             1. Update BSL [code](https://github.com/openshift/oadp-operator/blob/0ff661cae03822fc278e9715af5515c7e89f680d/internal/controller/bsl.go#L160-L174) to support Azure and GCP
        4. Uncouple CloudStorageAPI from CCO/standard workflow?
           https://github.com/openshift/oadp-operator/blob/338e8d5e9382d19be8b0debbe0ea454d73b4c26e/internal/controller/cloudstorage_controller.go#L126-L135
        5. Test test test

      CONTEXT
      1. The Cloud Storage API's main purpose is simply to auto-create a bucket if no bucket exists.
      1. STS - auto-create bucket
      2. Uncouple from STS (maybe)

       

      WORKFLOW from Customer:
      STS enabled or no STS
      1. User creates secret for cloud auth
      2. User creates CloudStorage
      3. Bucket auto-created for user
      4. User creates a DPA with CloudStorage ref - bucket key/value

      <wes> needs to think about encryption types, does that need to be added to:

       

         

       


            Aziza Karol added a comment -

            wnstb this feature in the main epic is planned to be supported on 1.4.0, shouldn't this be also  moved to 1.4?


            Shubham Pampattiwar added a comment -

            Tested the CCO workflow for Azure credentials request on OCP 4.15 pre-released Azure identity cluster, it worked fine. Now need to check whether the Velero-plugin-for-microsoft-azure supports authentication via this method.

            Shubham Pampattiwar added a comment -

            Draft PR is up: https://github.com/openshift/oadp-operator/pull/1281

            TODOs:

            • Test on ARO release candidate 4.15
            • Identify if there are any gaps in the secret provided by CCO and the one needed by OADP
            • OADP with ARO documentation changes if any

              tkaovila@redhat.com Tiger Kaovilai
              wnstb Wes Hayutin