Details
-
Bug
-
Resolution: Unresolved
-
Critical
-
4.14.0
-
No
-
False
-
Description
Description of problem:
CredentialsRequest for Azure AD workload identity contains unnecessary permissions under `virtualMachines/extensions`. Specifically write and delete.
Version-Release number of selected component (if applicable):
4.14.0+
How reproducible:
Every time
Steps to Reproduce:
1. Create a cluster without the CredentialsRequest permissions mentioned
2. Scale machineset
3. See no permission errors
Actual results:
We have unnecessary permissions, but still no errors
Expected results:
Still no permission errors after removal.
Additional info:
RHCOS doesn't leverage virtual machine extensions. It appears as though the code path is dead.
Attachments
Issue Links
- blocks
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- links to
-
RHEA-2024:0041
OpenShift Container Platform 4.16.z bug fix update