Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.16, 4.17, 4.18, 4.19, 4.20, 4.21
Component/s: Cloud Credential Operator
Labels:
- jlp-release-4.20:OCPBUGS-63690
- pre-merge-tested

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:

4.20.z
Target Version:

4.21.0
Release Blocker:
Rejected
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

CloudFront Distribution not deleted by ccoctl aws delete.
Compared the logs, seems it didn't get the distribution by tags successfully.
Current log:
[cloud-user@preserved-jshu verify]$ ./ccoctl aws delete --name jshuaws11 --region us-east-1
...
2025/10/26 21:49:05 Identity Provider bucket jshuaws11-oidc deleted
2025/10/26 21:49:25 failed to delete the CloudFront origin access identity with ID E3I4QD2PBVGYZ6: operation error CloudFront: DeleteCloudFrontOriginAccessIdentity, https response error StatusCode: 409, RequestID: c93445d3-673d-4d3d-a37a-641827cea46a, CloudFrontOriginAccessIdentityInUse: The CloudFront origin access identity is still being used.
2025/10/26 21:49:40 Policy jshuaws11-openshift-cloud-credential-operator-cloud-credential-o associated with IAM Role jshuaws11-openshift-cloud-credential-operator-cloud-credential-o deleted
...

Old successful log:
[cloud-user@jshu-gcp cco]$ ./ccoctl aws delete --name jshu-sts3 --region=us-east-2
...
2023/06/22 12:27:44 Identity Provider bucket jshu-sts3-oidc deleted
2023/06/22 12:27:54 Waiting 30s for CloudFront distribution with ID E1JUIQ3GZNMFP2 to be disabled...
2023/06/22 12:28:24 Waiting 30s for CloudFront distribution with ID E1JUIQ3GZNMFP2 to be disabled...
...
2023/06/22 12:35:59 CloudFront distribution with ID E1JUIQ3GZNMFP2 deleted
2023/06/22 12:36:00 CloudFront origin access identity with ID E2WDDMOY5FRX91 deleted
...

Version-Release number of selected component (if applicable):

4.21

How reproducible:

always

Steps to Reproduce:

    1.ccoctl aws create-all --create-private-s3-bucket --name jshuaws11 --region us-east-1 --output-dir output11 --credentials-requests-dir /home/cloud-user/jshu/cco/awscr-420
    2.ccoctl aws delete --name jshuaws11 --region us-east-1

Actual results:

CloudFront Distribution and origin access identity NOT deleted
like
2025/10/26 21:49:25 failed to delete the CloudFront origin access identity with ID E3I4QD2PBVGYZ6: operation error CloudFront: DeleteCloudFrontOriginAccessIdentity, https response error StatusCode: 409, RequestID: c93445d3-673d-4d3d-a37a-641827cea46a, CloudFrontOriginAccessIdentityInUse: The CloudFront origin access identity is still being used.

Expected results:

CloudFront Distribution and origin access identity deleted
like
2023/06/22 12:35:59 CloudFront distribution with ID E1JUIQ3GZNMFP2 deleted 2023/06/22 12:36:00 CloudFront origin access identity with ID E2WDDMOY5FRX91 deleted

Additional info:

I tested 4.21/4.20/4.16

blocks

OCPBUGS-63690 CloudFront Distribution not deleted by ccoctl aws delete

is cloned by

OCPBUGS-63690 CloudFront Distribution not deleted by ccoctl aws delete

links to

openshift/cloud-credential-operator#935: OCPBUGS-63561: ccoctl: use pagination when listing resources in aws

Assignee:: Jeremiah Stuever

Reporter:: Jianping Shu

Need Info From:: None

Contributors:: None

QA Contact:: Jianping Shu

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/10/27 3:41 AM

Updated:: 2025/10/30 5:17 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates