Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-23178

cloud-credential-operator cannot add new grants to deleted gcp role

    XMLWordPrintable

Details

    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • N/A
    • Release Note Not Required

    Description

      Description of problem:

         The GCP Mint mode sync is failing when attempting to add permissions to a previously deleted custom role.

      Version-Release number of selected component (if applicable):

          4.15

      How reproducible:

          Always

      Steps to Reproduce:

          1. Create a gcp cluster in mint mode (with a CCO credentialRequests that has permissions defined)
    2. Delete the openshift-hive-dev-cloud-credential-operator-gcp-ro-creds custom role from GCP
    3. oc -n openshift-cloud-credential-operator delete secret cloud-credential-operator-gcp-ro-creds

      Actual results:

          Receive the following error when attempting to add permissions to the deleted custom role: "cloud-credential-operator cannot add new grants to deleted gcp role"

      Expected results:

          The new permissions should be added to the role without issue.

      Additional info:

      Attachments

        Issue Links

          blocks

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. SDN-4158 Update GCP Credentials Request manifest of the Cluster Network Operator to use new API field for requesting permissions

          • Undefined - Priority not specified.
          • Closed
          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CCO-285 GCP openshift role granularity enhancement - phase 2

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-243 Custom roles for GCP Workload Identity

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          links to

          GitHub openshift/cloud-credential-operator#637: OCPBUGS-23178: Enable GCP sync to undelete custom roles

          Activity

            People

              jstuever@redhat.com Jeremiah Stuever
              jstuever@redhat.com Jeremiah Stuever
              Mingxia Huang Mingxia Huang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: