OpenShift Bugs / OCPBUGS-38557

Add support for GCP Workload Identity / Federated identity operator installs


    • Bug
    • Resolution: Done
    • Major
    • 4.18.0
    • Management Console
    • Fix: Add the code logic to add support for GCP Workload Identity / Federated Identity operator installs.
      Consequence: The user was not warned when they were on a GCP cluster that supports GCP's Workload Identity Management and the operator they were installing supports it.
      Result: Added additional fields to the subscription form and a warning alert to warn users when they are on a GCP cluster.
    • Enhancement
    • In Progress

      Similar to the work done for AWS STS and Azure WIF support, the console UI (specifically OperatorHub) needs to:

      1. warn users when they are on a GCP cluster that supports GCP's Workload Identity Management and the operator they will be installing supports it
      2. allow subscribing to an operator that supports it to be customized in the UI, by adding fields to the subscription config field that need to be provided to the operator at install time.

      CONSOLE-3776 was adding filtering for the GCP WIP case, for the operator-hub tile view. Part of the change was also a check for the annotation which indicates that the operator supports GCP's WIF:

      features.operators.openshift.io/token-auth-gcp: "true"

       

      AC:

      • Add warning alert to the operator-hub-item-details component, if the cluster is GCP with WIF, similar to Azure and AWS.
      • Add warning alert to the operator-hub-subscribe component, if the cluster is GCP with WIF, similar to Azure and AWS.
      • If the cluster is in GCP WIF mode and the operator claims support for it, the subscription page allows configuring 4 additional fields, which will be set on the Subscription's spec.config.env field:
        • POOL_ID
        • PROVIDER_ID
        • SERVICE_ACCOUNT_EMAIL
      • Default subscription to manual for installs on WIF mode clusters for operators that support it.
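
The acceptance criteria above, sketched in TypeScript as an added example (this is not the console's own code). The `SubscribeForm` shape, the `buildSubscription` name and the `clusterIsGcpWif` flag are assumptions; how the cluster's WIF mode is detected is not described in this issue.

```typescript
// Added example, not console source. Only the annotation key, the env var names
// and the Subscription API fields are real; other names are hypothetical.
const GCP_TOKEN_AUTH = 'features.operators.openshift.io/token-auth-gcp';
const GCP_WIF_ENV = ['POOL_ID', 'PROVIDER_ID', 'SERVICE_ACCOUNT_EMAIL'] as const;
type Approval = 'Automatic' | 'Manual';
type EnvVar = { name: string; value: string };

interface SubscribeForm {
  name: string; namespace: string; channel: string;
  source: string; sourceNamespace: string;
  approval?: Approval;                    // unset = user kept the form default
  csvAnnotations: Record<string, string>; // annotations of the operator's CSV
  clusterIsGcpWif: boolean;               // assumption: detected elsewhere
  gcpWif?: Record<string, string>;        // values typed into the extra fields
}

interface Subscription {
  apiVersion: string; kind: string;
  metadata: { name: string; namespace: string };
  spec: {
    name: string; channel: string; source: string; sourceNamespace: string;
    installPlanApproval: Approval;
    config?: { env: EnvVar[] };
  };
}

function buildSubscription(f: SubscribeForm): Subscription {
  // The extra fields apply only when both the cluster and the operator opt in.
  const wif = f.clusterIsGcpWif && f.csvAnnotations[GCP_TOKEN_AUTH] === 'true';
  const sub: Subscription = {
    apiVersion: 'operators.coreos.com/v1alpha1', kind: 'Subscription',
    metadata: { name: f.name, namespace: f.namespace },
    spec: {
      name: f.name, channel: f.channel, source: f.source,
      sourceNamespace: f.sourceNamespace,
      // Manual is only the default on WIF installs; an explicit choice wins.
      installPlanApproval: f.approval ?? (wif ? 'Manual' : 'Automatic'),
    },
  };
  if (!wif) return sub;
  sub.spec.config = {
    env: GCP_WIF_ENV.map((name) => {
      const value = (f.gcpWif?.[name] ?? '').trim();
      if (!value) throw new Error(`${name} is required for a GCP WIF install`);
      return { name, value };
    }),
  };
  return sub;
}
```

An empty or whitespace-only field is rejected rather than written to `spec.config.env`, so a Subscription is never created with a blank identity value.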

       

      Design docs

            cajieh Cyril Ajieh
            cajieh Cyril Ajieh
            Xiyun Zhao Xiyun Zhao