Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-61861

"cluster in workload identity mode" isn't applied with the token-auth-azure annotation

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • 4.20.0
    • 4.17
    • Management Console
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • In Progress
    • Release Note Not Required
    • Hide
      Before this update, the “cluster in workload identity mode” warning was missing when only the `token-auth-azure` annotation was set, which could lead to misconfiguration. This update adds a check for the `token-auth-azure` annotation when showing the warning. As a result, clusters that use only Azure Workload Identity now show the “cluster in workload identity mode” warning as expected. (link:https://issues.redhat.com/browse/OCPBUGS-61861[OCPBUGS-61861])
      Show
      Before this update, the “cluster in workload identity mode” warning was missing when only the `token-auth-azure` annotation was set, which could lead to misconfiguration. This update adds a check for the `token-auth-azure` annotation when showing the warning. As a result, clusters that use only Azure Workload Identity now show the “cluster in workload identity mode” warning as expected. (link: https://issues.redhat.com/browse/OCPBUGS-61861 [ OCPBUGS-61861 ])
    • None
    • None
    • None
    • None

      This is a clone of issue OCPBUGS-61183. The following is the description of the original issue:

      Description of problem:

      "cluster in workload identity mode" warning doesn't appear when the only token-auth-azure annotation is being set (without the other providers)

      Version-Release number of selected component (if applicable):

      4.17

      How reproducible:

        always

      Steps to Reproduce:

      1.create managed identity 4.17.27 cluster on Azure (i used ARO)
      2. follow these steps for some operator (set only the azure annotation), like so:

      features.operators.openshift.io/token-auth-aws: "false"
features.operators.openshift.io/token-auth-azure: "true"
features.operators.openshift.io/token-auth-gcp: "false"

      3. deploy you catalog and check the installation page for the workload identity mode warning 

      Actual results:

          The warning doesn't appear

      Expected results:

       Seeing "cluster in Workload Identity/Federated Identity mode" warning in the operator installation page

      Additional info:

      1. Setting all token-auth annotation to true for all the providers make the warning to appear
2. When only token-auth-azure is set and you try to search it by filtrating operators that supports STS in the operatorHub it also doesn't appear

       

              cajieh Cyril Ajieh
              ssheribe@redhat.com Snir sheriber
              None
              None
              Yanping Zhang Yanping Zhang
              Jocelyn Sese Jocelyn Sese
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: