-
Bug
-
Resolution: Done-Errata
-
Normal
-
4.14.0
-
No
-
False
-
Description of problem:
In an STS cluster with the TechPreviewNoUpgrade featureset enabled, CCO ignores CRs whose .spec.providerSpec.stsIAMRoleARN is unset. While the CR controller does not provision a Secret for the aforementioned type of CRs, it still sets .status.provisioned to true for them.
Steps to Reproduce:
1. Create an STS cluster, enable the feature set. 2. Create a dummy CR like the following: fxie-mac:cloud-credential-operator fxie$ cat cr2.yaml apiVersion: cloudcredential.openshift.io/v1 kind: CredentialsRequest metadata: name: test-cr-2 namespace: openshift-cloud-credential-operator spec: providerSpec: apiVersion: cloudcredential.openshift.io/v1 kind: AWSProviderSpec statementEntries: - action: - ec2:CreateTags effect: Allow resource: '*' secretRef: name: test-secret-2 namespace: default serviceAccountNames: - default 3. Check CR.status fxie-mac:cloud-credential-operator fxie$ oc get credentialsrequest test-cr-2 -n openshift-cloud-credential-operator -o yaml apiVersion: cloudcredential.openshift.io/v1 kind: CredentialsRequest metadata: creationTimestamp: "2023-07-24T09:21:44Z" finalizers: - cloudcredential.openshift.io/deprovision generation: 1 name: test-cr-2 namespace: openshift-cloud-credential-operator resourceVersion: "180154" uid: 34b36cac-3fca-4fa5-a003-a9b64c5fbf00 spec: providerSpec: apiVersion: cloudcredential.openshift.io/v1 kind: AWSProviderSpec statementEntries: - action: - ec2:CreateTags effect: Allow resource: '*' secretRef: name: test-secret-2 namespace: default serviceAccountNames: - default status: lastSyncGeneration: 0 lastSyncTimestamp: "2023-07-24T09:39:40Z" provisioned: true
- relates to
-
-
- Closed
-
- links to
-
RHSA-2023:5006
OpenShift Container Platform 4.14.z security update
