Uploaded image for project: 'OCMUI - OpenShift Cluster Manager UI'
  1. OCMUI - OpenShift Cluster Manager UI
  2. OCMUI-1600

[OSD wizard CCS] Key ARNs not re-validated on region change

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      Issue in OSD wizard, CCS, Cluster Settings > Details.
      [Works fine in ROSA v1. I'm making sure it'll work in ROSA v2; opening this to track OSD separately.]

      Steps to reproduce — direct change

      1. OSD wizard, CCS, AWS
      2. Set region to us-west-1
      3. Reveal "Advanced Encryption" section
      4. Choose "Use custom KMS keys"
      5. Set "Key ARN" to arn:aws:kms:us-west-1:111111111111:key/1470a953-a261-4350-850d-2d8d1ef6e82b
      6. Collapse "Advanced Encryption" section
      7. Change region to something else

      expected behavior: Advanced Encryption got revealed immediately & Key ARN now shows "Your KMS key must contain your selected region" error.

      actual behavior: need to press Tab at least twice, or click other things for re-validation to happen.

      • Similarly, when Key ARN shows that error and you change region back to match it, the error is not immediately cleared.

      Steps to reproduce — cascade of invalidation

      1. OSD wizard, CCS, AWS
      2. Choose "Single zone"
      3. Set region to us-west-1 (which "supports_multi_az": false)
      4. Reveal "Advanced Encryption" section
      5. Choose "Use custom KMS keys"
      6. Set "Key ARN" to arn:aws:kms:us-west-1:111111111111:key/1470a953-a261-4350-850d-2d8d1ef6e82b
      7. Collapse "Advanced Encryption" section
      8. Click "Multi-zone"

      expected behavior: Region was forced to us-east-1 => Key ARN now shows "Your KMS key must contain your selected region" error => Advanced Encryption got revealed immediately.

      actual behavior: Region changes to us-east-1 immediately, but Key ARN is not re-validated. Need to press Tab at least twice, or click other things for error to show.

      • Similarly, if you prepare region us-west-1 and Key ARN arn:aws:kms:us-east-1:111111111111:key/1470a953-a261-4350-850d-2d8d1ef6e82b (mismatching and showing error), then click "Multi-zone" => region changes immediately to us-east-1 but the now correct ARN still shows error.

      Steps to reproduce — GCP

      1. OSD wizard, CCS, GCP
      2. Reveal "Advanced Encryption" section
      3. Choose "Use custom KMS keys". Look at "Key ring location".
      4. Collapse "Advanced Encryption" section
      5. Change region to anything else
      6. Reveal section if needed, Look at "Key ring location"

      actual behavior: "Key ring location" changes to match region, user didn't see that.
      expected behavior: Advanced Encryption got revealed immediately, so user has chance to note the change.

        1. region-KeyARN-validation.webm
          3.76 MB
          Beni Paskin-Cherniavsky

              Unassigned Unassigned
              bpaskinc@redhat.com Beni Paskin-Cherniavsky (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: