OpenShift Bugs / OCPBUGS-16684

CR.status.provisioned set to true for ignored CRs


    Description

      Description of problem:

      In an STS cluster with the TechPreviewNoUpgrade featureset enabled, CCO ignores CRs whose .spec.providerSpec.stsIAMRoleARN is unset. 
      
      While the CR controller does not provision a Secret for the aforementioned type of CRs, it still sets .status.provisioned to true for them. 

      Steps to Reproduce:

      1. Create an STS cluster, enable the feature set. 
      
      2. Create a dummy CR like the following:
      fxie-mac:cloud-credential-operator fxie$ cat cr2.yaml
      apiVersion: cloudcredential.openshift.io/v1
      kind: CredentialsRequest
      metadata:
        name: test-cr-2
        namespace: openshift-cloud-credential-operator
      spec:
        providerSpec:
          apiVersion: cloudcredential.openshift.io/v1
          kind: AWSProviderSpec
          statementEntries:
          - action:
            - ec2:CreateTags
            effect: Allow
            resource: '*'
        secretRef:
          name: test-secret-2
          namespace: default
        serviceAccountNames:
        - default
      
      3. Check CR.status
      fxie-mac:cloud-credential-operator fxie$ oc get credentialsrequest test-cr-2 -n openshift-cloud-credential-operator -o yaml
      apiVersion: cloudcredential.openshift.io/v1
      kind: CredentialsRequest
      metadata:
        creationTimestamp: "2023-07-24T09:21:44Z"
        finalizers:
        - cloudcredential.openshift.io/deprovision
        generation: 1
        name: test-cr-2
        namespace: openshift-cloud-credential-operator
        resourceVersion: "180154"
        uid: 34b36cac-3fca-4fa5-a003-a9b64c5fbf00
      spec:
        providerSpec:
          apiVersion: cloudcredential.openshift.io/v1
          kind: AWSProviderSpec
          statementEntries:
          - action:
            - ec2:CreateTags
            effect: Allow
            resource: '*'
        secretRef:
          name: test-secret-2
          namespace: default
        serviceAccountNames:
        - default
      status:
        lastSyncGeneration: 0
        lastSyncTimestamp: "2023-07-24T09:39:40Z"
        provisioned: true 
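
A check for the condition reported above, added here as an example (it is not part of the original report and is not CCO code). It assumes an STS cluster with the feature set enabled, the CredentialsRequest list exported as JSON, and a set of existing Secrets written as "namespace/name"; the two extra CRs, the role ARN, and the Secret set are constructed sample data.

```python
import json

# Constructed stand-in for `oc get credentialsrequest -A -o json`; test-cr-2 mirrors
# the report, the other two items are made up for contrast.
SAMPLE_CRS = json.loads("""
{"items": [
  {"metadata": {"name": "test-cr-2", "namespace": "openshift-cloud-credential-operator"},
   "spec": {"providerSpec": {"kind": "AWSProviderSpec"},
            "secretRef": {"name": "test-secret-2", "namespace": "default"}},
   "status": {"provisioned": true}},
  {"metadata": {"name": "example-with-role", "namespace": "openshift-cloud-credential-operator"},
   "spec": {"providerSpec": {"kind": "AWSProviderSpec",
                             "stsIAMRoleARN": "arn:aws:iam::123456789012:role/example"},
            "secretRef": {"name": "example-secret", "namespace": "default"}},
   "status": {"provisioned": true}},
  {"metadata": {"name": "example-pending", "namespace": "openshift-cloud-credential-operator"},
   "spec": {"providerSpec": {"kind": "AWSProviderSpec"},
            "secretRef": {"name": "pending-secret", "namespace": "default"}},
   "status": {"provisioned": false}}
]}
""")
# Constructed set of Secrets that actually exist, as "namespace/name".
SAMPLE_SECRETS = {"default/example-secret"}


def falsely_provisioned(cr_list, existing_secrets):
    """Return "namespace/name" of AWS CRs that report provisioned=true although
    stsIAMRoleARN is unset and the Secret named in secretRef does not exist."""
    flagged = []
    for cr in cr_list.get("items", []):
        spec = cr.get("spec", {})
        provider = spec.get("providerSpec") or {}
        if provider.get("kind") != "AWSProviderSpec" or provider.get("stsIAMRoleARN"):
            continue  # other platform, or a CR the operator does act on
        if cr.get("status", {}).get("provisioned") is not True:
            continue  # status already says "not provisioned"
        ref = spec.get("secretRef", {})
        secret_key = f'{ref.get("namespace")}/{ref.get("name")}'
        if secret_key not in existing_secrets:
            meta = cr["metadata"]
            flagged.append(f'{meta["namespace"]}/{meta["name"]}')
    return flagged


if __name__ == "__main__":
    for name in falsely_provisioned(SAMPLE_CRS, SAMPLE_SECRETS):
        print("provisioned=true but no Secret:", name)
```

Anything that gates on .status.provisioned alone would treat the flagged CRs as having credentials, so the Secret lookup is the part that distinguishes the reported state from a correctly provisioned CR.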


            People

              btofelrh Brett Tofel
              fxierh Feilian Xie