Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: 4.15.z
Affects Version/s: 4.14.0
Component/s: Cloud Compute / Other Provider
Labels:
- ServiceDeliveryBlocker
- ServiceDeliveryImpact

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.15.z

SFDC Cases Counter:
SFDC Cases Links:

Description

This is a clone of issue OCPBUGS-29956. The following is the description of the original issue:
—
Description of problem:

CredentialsRequest for Azure AD workload identity contains unnecessary permissions under `virtualMachines/extensions`.   Specifically write and delete.

Version-Release number of selected component (if applicable):

4.14.0+

How reproducible:

Every time

Steps to Reproduce:

    1. Create a cluster without the CredentialsRequest permissions mentioned
    2. Scale machineset
    3. See no permission errors

Actual results:

We have unnecessary permissions, but still no errors

Expected results:

Still no permission errors after removal.

Additional info:

RHCOS doesn't leverage virtual machine extensions.  It appears as though the code path is dead.

Attachments

Issue Links

blocks

OCPBUGS-30898 Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions

Verified

clones

OCPBUGS-29956 Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions

Verified

is blocked by

OCPBUGS-29956 Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions

Verified

is cloned by

OCPBUGS-30898 Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions

Verified

links to

openshift/machine-api-operator#1222: [release-4.15] OCPBUGS-30215: Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions

openshift/machine-api-provider-azure#103: [release-4.15] OCPBUGS-30215: Remove startupScript vmextension lookup

RHBA-2024:1770 OpenShift Container Platform 4.15.z bug fix update

(2 links to)

Activity

People

Assignee:: Benjamin Vesel

Reporter:: OpenShift Prow Bot

QA Contact:: Zhaohua Sun

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2024/03/04 7:21 PM

Updated:: 2024/04/16 2:53 PM

Resolved:: 2024/04/16 2:53 PM