-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.14, 4.15
-
Important
-
No
-
5
-
CFE Sprint 250
-
1
-
Rejected
-
False
-
Description of problem:
"role ARN" field should be optional instead of required for cert-manager operator. CCO has some changes in token auth workflow (see Additional info) since OCP 4.14, not sure if we need to make some adpotion or update the documents.
Version-Release number of selected component (if applicable):
OCP 4.14 / 4.15
How reproducible:
Always in AWS STS cluster
Steps to Reproduce:
1. Launch 4.14 AWS STS cluster. Open web console OperatorHub. 2. Install cert-manager Operator.
Actual results:
"role ARN" field is mandatory to install the Operator. The Install button is not clickable without inputting "role ARN" field.
Expected results:
cert-manager Operator in AWS STS env should handle "role ARN" field correctly.
Additional info:
Retried with a older v1.13 cert-manager operator pre-release build built out before https://github.com/openshift/cert-manager-operator/pull/171 merged, this issue does not exist. Thus, this issue seems related to `features.operators.openshift.io/token-auth-aws: "true"` added by https://github.com/openshift/cert-manager-operator/pull/171 impacted by the 4.14 released OLM/console feature https://issues.redhat.com/browse/OCPSTRAT-70 . More related stuff: https://docs.openshift.com/container-platform/4.14/authentication/managing_cloud_provider_credentials/cco-short-term-creds.html https://docs.openshift.com/container-platform/4.14/operators/operator_sdk/osdk-token-auth.html https://docs.openshift.com/container-platform/4.14/operators/admin/olm-adding-operators-to-cluster.html#olm-installing-from-operatorhub-using-web-console_olm-adding-operators-to-a-cluster