
Add support for GCP Workload Identity / Federated identity operator installs


    • Bug
    • Resolution: Done-Errata
    • Major
    • 4.18.0
    • Management Console
    • Previously, a warning was not provided when you were on a GCP cluster that supports GCP's Workload Identity Management, and that the Operator supports it. With this update, logic was added to support GCP Workload Identity and Federated Identity Operator installs, so now you are alerted when you are on a GCP cluster. (link:https://issues.redhat.com/browse/OCPBUGS-38591[*OCPBUGS-38591*])
    • Enhancement
    • Done

      This is a clone of issue OCPBUGS-38557. The following is the description of the original issue:

      Similar to the work done for AWS STS and Azure WIF support, the console UI (specifically OperatorHub) needs to:

      1. warn users when they are on a GCP cluster that supports GCP's Workload Identity Management and the operator they will be installing supports it
      2. Subscribing to an operator that supports it can be customized in the UI by adding fields to the subscription config field that need to be provided to the operator at install time.

      CONSOLE-3776 was adding filtering for the GCP WIP case, for the operator-hub tile view. Part of the change was also to check for the annotation which indicates that the operator supports GCP's WIF:

      features.operators.openshift.io/token-auth-gcp: "true"

       

      AC:

      • Add warning alert to the operator-hub-item-details component, if the cluster is GCP with WIF, similar to Azure and AWS.
      • Add warning alert to the operator-hub-subscribe component, if the cluster is GCP with WIF, similar to Azure and AWS.
      • If the cluster is in GCP WIF mode and the operator claims support for it, the subscription page provides for configuring 4 additional fields, which will be set on the Subscription's spec.config.env field:
        • POOL_ID
        • PROVIDER_ID
        • SERVICE_ACCOUNT_EMAIL
      • Default subscription to manual for installs on WIF mode clusters for operators that support it.

       

      Design docs
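
The acceptance criteria above, sketched as an added TypeScript example (not the console's own code): it gates on the token-auth-gcp annotation, refuses blank identity values, and defaults approval to Manual. All type and function names are hypothetical, the WIF-mode check is taken as an input, and only the three fields listed on this page are handled.

```typescript
// Added example; all type and function names here are hypothetical.
const GCP_TOKEN_AUTH = 'features.operators.openshift.io/token-auth-gcp';
const WIF_FIELDS = ['POOL_ID', 'PROVIDER_ID', 'SERVICE_ACCOUNT_EMAIL'] as const;
type WifField = (typeof WIF_FIELDS)[number];

interface OperatorPackage {
  name: string;
  channel: string;
  source: string;
  sourceNamespace: string;
  annotations: Record<string, string>;
}

interface SubscriptionSpec {
  name: string;
  channel: string;
  source: string;
  sourceNamespace: string;
  installPlanApproval: 'Automatic' | 'Manual';
  config?: { env: { name: string; value: string }[] };
}

// The annotation value is the string "true", not a boolean.
function supportsGcpTokenAuth(pkg: OperatorPackage): boolean {
  return pkg.annotations[GCP_TOKEN_AUTH] === 'true';
}

// clusterIsGcpWif is an input: how WIF mode is detected is not shown on this page.
function buildSubscriptionSpec(
  pkg: OperatorPackage,
  clusterIsGcpWif: boolean,
  values: Partial<Record<WifField, string>> = {},
): SubscriptionSpec {
  const { name, channel, source, sourceNamespace } = pkg;
  const base = { name, channel, source, sourceNamespace };
  if (!clusterIsGcpWif || !supportsGcpTokenAuth(pkg)) {
    // Assumption: outside WIF mode the OLM default (Automatic) is kept.
    return { ...base, installPlanApproval: 'Automatic' };
  }
  // Refuse to emit a Subscription with blank identity settings.
  const missing = WIF_FIELDS.filter((f) => !(values[f] ?? '').trim());
  if (missing.length > 0) {
    throw new Error(`missing WIF fields: ${missing.join(', ')}`);
  }
  const env = WIF_FIELDS.map((f) => ({ name: f, value: (values[f] ?? '').trim() }));
  // Manual approval by default on WIF clusters, per the acceptance criteria.
  return { ...base, installPlanApproval: 'Manual', config: { env } };
}
```

With Manual approval, an administrator reviews each InstallPlan before an operator upgrade runs under the configured service account identity.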

            cajieh Cyril Ajieh
            openshift-crt-jira-prow OpenShift Prow Bot
            Xiyun Zhao Xiyun Zhao