Uploaded image for project: 'OCMUI - OpenShift Cluster Manager UI'
  1. OCMUI - OpenShift Cluster Manager UI
  2. OCMUI-706

[Rosa Wizard] User can select account roles ARNs which lead to cluster creation error

    • Icon: Bug Bug
    • Resolution: Can't Do
    • Icon: Undefined Undefined
    • None
    • None
    • None

      Here is list of ocm-roles.  Note 'OCM-UI-ADMIN-OCM-Role' is currently linked:

      uhc-portal>rosa list ocm-roles
      I: Fetching ocm roles
      ROLE NAME                                    ROLE ARN                                                                                       LINKED  ADMIN
      OCM-UI-ADMIN-OCM-Role-15212158               arn:aws:iam::269733383066:role/OCM-UI-ADMIN-OCM-Role-15212158                                  Yes     Yes
      OCM-UI-BASIC-OCM-Role-15212158               arn:aws:iam::269733383066:role/OCM-UI-BASIC-OCM-Role-15212158                                  No      No
      pneedle-arn-path-test-ocm-OCM-Role-15234082  arn:aws:iam::269733383066:role/test/path/pneedle3/pneedle-arn-path-test-ocm-OCM-Role-15234082  No      Yes

      In the UI, I am able to select 'pneedle' account-role ARNs and proceed to [Create Cluster] but get:

      The UI calls this API passing in AWS account id,  I don't see how to filter these results to only show ARNs of the currently linked ocm-role?  In the example below, we'd only want to use items with `"prefix": "ManagedOpenShift",`:

      uhc-portal>ocm post /api/clusters_mgmt/v1/aws_inquiries/sts_account_roles <<EOM
      {
          "account_id":"269733383066"
      }
      EOM
      {
        "kind": "AccountRolesList",
        "aws_acccount_id": "269733383066",
        "items": [
          {
            "prefix": "ManagedOpenShift",
            "kind": "AccountRoles",
            "items": [
              {
                "arn": "arn:aws:iam::269733383066:role/ManagedOpenShift-ControlPlane-Role",
                "type": "ControlPlane",
                "isAdmin": false,
                "roleVersion": "4.10"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/ManagedOpenShift-Installer-Role",
                "type": "Installer",
                "isAdmin": false,
                "roleVersion": "4.10"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/ManagedOpenShift-Support-Role",
                "type": "Support",
                "isAdmin": false,
                "roleVersion": "4.10"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/ManagedOpenShift-Worker-Role",
                "type": "Worker",
                "isAdmin": false,
                "roleVersion": "4.10"
              }
            ]
          },
          {
            "prefix": "pneedle-arn-path-test-1",
            "kind": "AccountRoles",
            "items": [
              {
                "arn": "arn:aws:iam::269733383066:role/test/path/pneedle/pneedle-arn-path-test-1-ControlPlane-Role",
                "type": "ControlPlane",
                "isAdmin": false,
                "roleVersion": "4.11"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/test/path/pneedle/pneedle-arn-path-test-1-Installer-Role",
                "type": "Installer",
                "isAdmin": false,
                "roleVersion": "4.11"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/test/path/pneedle/pneedle-arn-path-test-1-Support-Role",
                "type": "Support",
                "isAdmin": false,
                "roleVersion": "4.11"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/test/path/pneedle/pneedle-arn-path-test-1-Worker-Role",
                "type": "Worker",
                "isAdmin": false,
                "roleVersion": "4.11"
              }
            ]
          },
          {
            "prefix": "pneedle-arn-path-test-2",
            "kind": "AccountRoles",
            "items": [
              {
                "arn": "arn:aws:iam::269733383066:role/test/path/pneedle2/pneedle-arn-path-test-2-ControlPlane-Role",
                "type": "ControlPlane",
                "isAdmin": false,
                "roleVersion": "4.11"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/test/path/pneedle2/pneedle-arn-path-test-2-Installer-Role",
                "type": "Installer",
                "isAdmin": false,
                "roleVersion": "4.11"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/test/path/pneedle2/pneedle-arn-path-test-2-Support-Role",
                "type": "Support",
                "isAdmin": false,
                "roleVersion": "4.11"
              },
              {
                "arn": "arn:aws:iam::269733383066:role/test/path/pneedle2/pneedle-arn-path-test-2-Worker-Role",
                "type": "Worker",
                "isAdmin": false,
                "roleVersion": "4.11"
              }
            ]
          }
        ]
      }
      

       

              Unassigned Unassigned
              dtaylor@redhat.com David Taylor
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: