Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Unresolved
Priority: Blocker
Fix Version/s: None
Affects Version/s: openshift-4.16, openshift-4.17, openshift-4.18, openshift-4.19
Component/s: Cloud Credentials Operator
Labels:
- azure
- cco
- ccoctl

Target Version:
None
Activity Type:
Product / Portfolio Work
Status Summary:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Products:
None
Hierarchy Progress Bar:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
None
PX Impact Score:
PX Impact Range:
None
PX Priority Data:
None
PX Technical Impact:
None
PX Technical Impact Notes:
None
PX Scheduling Request:
None

Description of problem:

In the OpenShift installed in Azure cluster, the ccoctl deleting additional role added on a additional feature in minor update. Issue is that today it deletes any role assignment it doesn't know breaking the additional functionalities until we re-add the roles.

But It should delete/update role assignment that is managed by ccoctl and leave the additional role assignments.

https://github.com/openshift/cloud-credential-operator/blob/d66761c098427c1a700d984c78d03f785d233d83/pkg/cmd/provisioning/azure/create_managed_identities.go#L285

Expected Result:

During the upgrade to minor openshift version ccoctl must be run to update the managed identities.

is duplicated by

OCPBUGS-55778 CCOCTL removes any role assigned to the managed identities

Closed

is triggering

OCPSTRAT-2502 Preserve custom role assignments for Azure managed identities during updates

In Progress

Assignee:: Ju Lim

Reporter:: Rutuja Kale

Need Info From:: None

Votes:: 1 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2025/05/27 10:30 AM

Updated:: 2025/10/15 4:09 PM

Target start:: None

Target end:: None

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates