Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-30215

Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions

XMLWordPrintable

    • No
    • False
    • Hide

      None

      Show
      None

      This is a clone of issue OCPBUGS-29956. The following is the description of the original issue:

      Description of problem:

      CredentialsRequest for Azure AD workload identity contains unnecessary permissions under `virtualMachines/extensions`.   Specifically write and delete.  
          

      Version-Release number of selected component (if applicable):

      4.14.0+
          

      How reproducible:

      Every time
          

      Steps to Reproduce:

          1. Create a cluster without the CredentialsRequest permissions mentioned
          2. Scale machineset
          3. See no permission errors
          

      Actual results:

      We have unnecessary permissions, but still no errors
          

      Expected results:

      Still no permission errors after removal.
          

      Additional info:

      RHCOS doesn't leverage virtual machine extensions.  It appears as though the code path is dead.  
          

            bvesel@redhat.com Benjamin Vesel
            openshift-crt-jira-prow OpenShift Prow Bot
            Zhaohua Sun Zhaohua Sun
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: