OpenShift Bugs: OCPBUGS-13792

Failed to create STS resources on AWS GovCloud regions using ccoctl


Details

    • Critical
    • No
    • Proposed
    • False

    Description

      This is a clone of issue OCPBUGS-13739. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-13692. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-13549. The following is the description of the original issue:

      Description of problem:

      Incorrect AWS ARN [1] is used for GovCloud and AWS China regions, which will cause the command `ccoctl aws create-all` to fail:
      
      Failed to create Identity provider: failed to apply public access policy to the bucket ci-op-bb5dgq54-77753-oidc: MalformedPolicy: Policy has invalid resource
      	status code: 400, request id: VNBZ3NYDH6YXWFZ3, host id: pHF8v7C3vr9YJdD9HWamFmRbMaOPRbHSNIDaXUuUyrgy0gKCO9DDFU/Xy8ZPmY2LCjfLQnUDmtQ=
      
      Correct AWS ARN prefix:
      GovCloud (us-gov-east-1 and us-gov-west-1): arn:aws-us-gov
      AWS China (cn-north-1 and cn-northwest-1): arn:aws-cn
      
      [1] https://github.com/openshift/cloud-credential-operator/pull/526/files#diff-1909afc64595b92551779d9be99de733f8b694cfb6e599e49454b380afc58876R211
      
      
       

      Version-Release number of selected component (if applicable):

      4.12.0-0.nightly-2023-05-11-024616

      How reproducible:

      Always
       

      Steps to Reproduce:

      1. Run command: `aws create-all --name="${infra_name}" --region="${REGION}" --credentials-requests-dir="/tmp/credrequests" --output-dir="/tmp"` on GovCloud regions
      

      Actual results:

      Failed to create Identity provider
       

      Expected results:

      Create resources successfully.
       

      Additional info:

      Related PRs:
      4.10: https://github.com/openshift/cloud-credential-operator/pull/531
      4.11: https://github.com/openshift/cloud-credential-operator/pull/530
      4.12: https://github.com/openshift/cloud-credential-operator/pull/529
      4.13: https://github.com/openshift/cloud-credential-operator/pull/528
      4.14: https://github.com/openshift/cloud-credential-operator/pull/526
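
The partition mismatch described in this report, as an added Go example (not ccoctl's code and not the fix in the linked PRs): it derives the ARN partition from the region and checks a bucket policy's Resource ARNs against it before anything is sent to S3. The prefix-based region mapping (a generalization of the four regions listed above), the policy shape, the function names and the bucket name `example-oidc` are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// partitionForRegion maps a region to its ARN partition (prefix match is this example's assumption).
func partitionForRegion(region string) string {
	switch {
	case strings.HasPrefix(region, "us-gov-"):
		return "aws-us-gov"
	case strings.HasPrefix(region, "cn-"):
		return "aws-cn"
	}
	return "aws"
}

type statement struct{ Effect, Principal, Action, Resource string }
type policy struct{ Version string; Statement []statement }

// publicReadPolicy renders a bucket policy (shape assumed) with the region's partition in its Resource ARN.
func publicReadPolicy(region, bucket string) string {
	res := fmt.Sprintf("arn:%s:s3:::%s/*", partitionForRegion(region), bucket)
	b, _ := json.Marshal(policy{Version: "2012-10-17", Statement: []statement{{"Allow", "*", "s3:GetObject", res}}})
	return string(b)
}

// checkPartition rejects Resource ARNs from another partition before S3 would answer MalformedPolicy.
func checkPartition(region, policyJSON string) error {
	var p policy
	if err := json.Unmarshal([]byte(policyJSON), &p); err != nil {
		return err
	}
	want := partitionForRegion(region)
	for _, s := range p.Statement {
		f := strings.SplitN(s.Resource, ":", 3)
		if len(f) < 3 || f[0] != "arn" || f[1] != want {
			return fmt.Errorf("resource %q: expected partition %q", s.Resource, want)
		}
	}
	return nil
}

func main() {
	// Constructed input: a policy built for the commercial partition, checked against a GovCloud region.
	fmt.Println(checkPartition("us-gov-west-1", publicReadPolicy("us-east-1", "example-oidc")))
}
```
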
       

            People

              abutcher@redhat.com Andrew Butcher
              openshift-crt-jira-prow OpenShift Prow Bot
              Jianping Shu