Bug
Resolution: Done-Errata
OADP 1.5.1
Quality / Stability / Reliability
oadp-operator-bundle-container-1.5.1-44
Description of problem:
I was testing the cloudStorage API with GCP. I intentionally removed the storage.buckets.create permission and created a cloudStorage CR. The Secret creation logic is getting executed continuously. Attaching logs below:
2025-09-03T13:08:06Z INFO Secret already exists, updating
2025-09-03T13:08:06Z INFO Secret cloud-credentials-gcp updated successfully
2025-09-03T13:08:06Z INFO Waiting for cloud-credentials-gcp Secret to be available
2025-09-03T13:08:16Z INFO credentials Secret is now available
2025-09-03T13:08:16Z INFO Following standardized STS workflow, secret cloud-credentials-gcp created successfully {"controller": "cloudstorage", "controllerGroup": "oadp.openshift.io", "controllerKind": "CloudStorage", "CloudStorage": {"name":"gcp-test-storage","namespace":"openshift-adp"}, "namespace": "openshift-adp", "name": "gcp-test-storage", "reconcileID": "b2da1d05-b4dd-4293-9b3f-685fe5643c4c", "bucket": {"name":"gcp-test-storage","namespace":"openshift-adp"}}
2025-09-03T13:08:16Z INFO Secret already exists, updating
2025-09-03T13:08:16Z INFO Secret cloud-credentials-gcp updated successfully
2025-09-03T13:08:16Z INFO Waiting for cloud-credentials-gcp Secret to be available
2025-09-03T13:08:27Z INFO credentials Secret is now available
2025-09-03T13:08:27Z INFO Secret already exists, updating
2025-09-03T13:08:27Z INFO Secret cloud-credentials-gcp updated successfully
2025-09-03T13:08:27Z INFO Waiting for cloud-credentials-gcp Secret to be available
2025-09-03T13:08:37Z INFO credentials Secret is now available
2025-09-03T13:08:37Z INFO unable to create object bucket {"controller": "cloudstorage", "controllerGroup": "oadp.openshift.io", "controllerKind": "CloudStorage", "CloudStorage": {"name":"gcp-test-storage","namespace":"openshift-adp"}, "namespace": "openshift-adp", "name": "gcp-test-storage", "reconcileID": "b2da1d05-b4dd-4293-9b3f-685fe5643c4c", "bucket": {"name":"gcp-test-storage","namespace":"openshift-adp"}}
2025-09-03T13:08:37Z DEBUG events unable to create bucket: permission denied: check service account permissions for project {"type": "Warning", "object": {"kind":"CloudStorage","namespace":"openshift-adp","name":"gcp-test-storage","uid":"e48d5fde-b918-4768-86a0-30fa321db6ef","apiVersion":"oadp.openshift.io/v1alpha1","resourceVersion":"166917"}, "reason": "BucketNotCreated"}
2025-09-03T13:09:07Z INFO Secret already exists, updating
2025-09-03T13:09:07Z INFO Secret cloud-credentials-gcp updated successfully
2025-09-03T13:09:07Z INFO Waiting for cloud-credentials-gcp Secret to be available
2025-09-03T13:09:17Z INFO credentials Secret is now available
Version-Release number of selected component (if applicable):
OADP 1.5.1
How reproducible:
Always (100% of the time)
Steps to Reproduce:
1. Create GCP-WIF or AZURE STS cluster
2. Create SA without adding storage.buckets.create permission
3. Install OADP following standardized workflow
4. Observe OADP controller pod logs
Actual results:
The Secret update process is executed every other second, which puts load on the API server.
Expected results:
Patch secret only when the content is modified
Additional info:
Links to: RHBA-2025:150824 OpenShift API for Data Protection (OADP) 1.5.1 security and bug fix update
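The behaviour asked for under "Expected results", sketched as an added example (this is not the OADP operator's code): the reconcile path compares the stored Secret data with the desired data and sends a write only when they differ. The `fakeAPI` type, the `ensureSecret` and `sameData` helpers, and the `credentials` key with its value are constructed for illustration; a real controller would make the same comparison before calling its Kubernetes client.

```go
package main

import (
	"bytes"
	"fmt"
)

// fakeAPI is a constructed in-memory stand-in for the API server: it stores
// Secret data by name and counts write calls. Not the operator's client.
type fakeAPI struct {
	secrets map[string]map[string][]byte
	Writes  int
}

// sameData reports whether two Secret payloads have identical keys and bytes.
func sameData(a, b map[string][]byte) bool {
	if len(a) != len(b) {
		return false
	}
	for k, v := range a {
		if w, ok := b[k]; !ok || !bytes.Equal(v, w) {
			return false
		}
	}
	return true
}

// ensureSecret issues a write only when the Secret is missing or its content
// differs from want. It returns true when a write was sent.
func ensureSecret(api *fakeAPI, name string, want map[string][]byte) bool {
	if have, ok := api.secrets[name]; ok && sameData(have, want) {
		return false // unchanged: skip the update call
	}
	api.secrets[name] = want
	api.Writes++
	return true
}

func main() {
	api := &fakeAPI{secrets: map[string]map[string][]byte{}}
	creds := map[string][]byte{"credentials": []byte("constructed-sample")}
	for i := 0; i < 5; i++ { // five requeued reconcile passes, same content
		ensureSecret(api, "cloud-credentials-gcp", creds)
	}
	fmt.Println("writes after 5 reconciles:", api.Writes)
}
```

With this guard, a reconcile that keeps being requeued because bucket creation fails no longer rewrites the Secret on every pass.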