Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-29088

No Functionality Exists To Revoke Break-Glass Signer Certificates

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • None
    • 4.16.0
    • HyperShift
    • None
    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          Customer has no method to revoke break-glass signer certificate for HCP.

      Version-Release number of selected component (if applicable):

          4.16.0

      How reproducible:

          always

      Steps to Reproduce:

          1. not possible

      Actual results:

          nothing

      Expected results:

          expected a path to do this

      Additional info:

      In order to use the new flow introduced to fix this, create a CertificateRevocationRequest in the namespace of a HostedControlPlane as described in the test:

      1. create a private key, certificate and certificate signing request using e.g. openssl
      2. create admin credentials for the cluster by using a CertificateSigningRequest and {{CertificateSigningRequestApproval }}{{
        }}
      3. revoke the break-glass signing certificate using the CertificateRevocationRequest
      4. wait for the CRR status to show that it succeeded
      5. ensure that the credentials created in step 2 are no longer valid

              skuznets@redhat.com Steve Kuznetsov (Inactive)
              skuznets@redhat.com Steve Kuznetsov (Inactive)
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: