Uploaded image for project: 'OCMUI - OpenShift Cluster Manager UI'
  1. OCMUI - OpenShift Cluster Manager UI
  2. OCMUI-706

[Rosa Wizard] User can select account roles ARNs which lead to cluster creation error

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Can't Do
    • Icon: Undefined Undefined
    • None
    • None
    • None

      Here is list of ocm-roles.  Note 'OCM-UI-ADMIN-OCM-Role' is currently linked:

      uhc-portal>rosa list ocm-roles
I: Fetching ocm roles
ROLE NAME                                    ROLE ARN                                                                                       LINKED  ADMIN
OCM-UI-ADMIN-OCM-Role-15212158               arn:aws:iam::269733383066:role/OCM-UI-ADMIN-OCM-Role-15212158                                  Yes     Yes
OCM-UI-BASIC-OCM-Role-15212158               arn:aws:iam::269733383066:role/OCM-UI-BASIC-OCM-Role-15212158                                  No      No
pneedle-arn-path-test-ocm-OCM-Role-15234082  arn:aws:iam::269733383066:role/test/path/pneedle3/pneedle-arn-path-test-ocm-OCM-Role-15234082  No      Yes

      In the UI, I am able to select 'pneedle' account-role ARNs and proceed to [Create Cluster] but get:

      The UI calls this API passing in AWS account id,  I don't see how to filter these results to only show ARNs of the currently linked ocm-role?  In the example below, we'd only want to use items with `"prefix": "ManagedOpenShift",`:

      uhc-portal>ocm post /api/clusters_mgmt/v1/aws_inquiries/sts_account_roles <<EOM
{
    "account_id":"269733383066"
}
EOM
{
  "kind": "AccountRolesList",
  "aws_acccount_id": "269733383066",
  "items": [
    {
      "prefix": "ManagedOpenShift",
      "kind": "AccountRoles",
      "items": [
        {
          "arn": "arn:aws:iam::269733383066:role/ManagedOpenShift-ControlPlane-Role",
          "type": "ControlPlane",
          "isAdmin": false,
          "roleVersion": "4.10"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/ManagedOpenShift-Installer-Role",
          "type": "Installer",
          "isAdmin": false,
          "roleVersion": "4.10"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/ManagedOpenShift-Support-Role",
          "type": "Support",
          "isAdmin": false,
          "roleVersion": "4.10"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/ManagedOpenShift-Worker-Role",
          "type": "Worker",
          "isAdmin": false,
          "roleVersion": "4.10"
        }
      ]
    },
    {
      "prefix": "pneedle-arn-path-test-1",
      "kind": "AccountRoles",
      "items": [
        {
          "arn": "arn:aws:iam::269733383066:role/test/path/pneedle/pneedle-arn-path-test-1-ControlPlane-Role",
          "type": "ControlPlane",
          "isAdmin": false,
          "roleVersion": "4.11"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/test/path/pneedle/pneedle-arn-path-test-1-Installer-Role",
          "type": "Installer",
          "isAdmin": false,
          "roleVersion": "4.11"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/test/path/pneedle/pneedle-arn-path-test-1-Support-Role",
          "type": "Support",
          "isAdmin": false,
          "roleVersion": "4.11"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/test/path/pneedle/pneedle-arn-path-test-1-Worker-Role",
          "type": "Worker",
          "isAdmin": false,
          "roleVersion": "4.11"
        }
      ]
    },
    {
      "prefix": "pneedle-arn-path-test-2",
      "kind": "AccountRoles",
      "items": [
        {
          "arn": "arn:aws:iam::269733383066:role/test/path/pneedle2/pneedle-arn-path-test-2-ControlPlane-Role",
          "type": "ControlPlane",
          "isAdmin": false,
          "roleVersion": "4.11"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/test/path/pneedle2/pneedle-arn-path-test-2-Installer-Role",
          "type": "Installer",
          "isAdmin": false,
          "roleVersion": "4.11"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/test/path/pneedle2/pneedle-arn-path-test-2-Support-Role",
          "type": "Support",
          "isAdmin": false,
          "roleVersion": "4.11"
        },
        {
          "arn": "arn:aws:iam::269733383066:role/test/path/pneedle2/pneedle-arn-path-test-2-Worker-Role",
          "type": "Worker",
          "isAdmin": false,
          "roleVersion": "4.11"
        }
      ]
    }
  ]
}

       

        1. pneedle_arn.png
          pneedle_arn.png
          37 kB
        2. Create Cluster Error.png
          Create Cluster Error.png
          58 kB

              Unassigned Unassigned
              dtaylor@redhat.com David Taylor
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: