Closed dlom closed 4 months ago
@dlom: This pull request references Jira Issue OCPBUGS-32948, which is invalid:
Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.
The bug has been updated to refer to the pull request using the external bug tracker.
/jira refresh
@dlom: This pull request references Jira Issue OCPBUGS-32948, which is valid. The bug has been moved to the POST state.
Requesting review from QA contact: /cc @huangmingxia
@dlom: all tests passed!
LGTM.
Verified pass: the pod identity webhook is created and in Running status.
[hmx@fedora Azure-arm]$ oc get po -n openshift-cloud-credential-operator
NAME                                         READY   STATUS    RESTARTS   AGE
cloud-credential-operator-7d5785958f-gbs75   2/2     Running   0          175m
pod-identity-webhook-7c774cb54b-gbq2l        1/1     Running   0          175m
pod-identity-webhook-7c774cb54b-m2x2f        1/1     Running   0          175m
After migration to Azure AD Workload Identity, verify that the OpenShift cluster does not have root credentials.
$ oc get secrets -n kube-system azure-credentials
Error from server (NotFound): secrets "azure-credentials" not found
Verify that components are assuming the azure_client_id specified in the secret manifests, instead of credentials passed through by the Cloud Credential Operator.
[hmx@fedora Azure-arm]$ oc get secrets -n openshift-image-registry installer-cloud-credentials -o jsonpath='{.data}' | jq
{
  "azure_client_id": "YTcwMTE5YzQtMDNiMS00Mj",
  "azure_federated_token_file": "L3Zhci9ydW4vc2VjcmV0",
  "azure_region": "ZdHVz",
  "azure_subscription_id": "NTNiOGY1NTEtZjBmY",
  "azure_tenant_id": "NjA0N2M3ZTkMzZjZiZTZhN2Vl"
}
[hmx@fedora Azure-arm]$ oc get secrets -n openshift-image-registry installer-cloud-credentials -o jsonpath='{.data.azure_client_secret}'
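The secret checks in the verification above can be scripted so they run the same way for every component secret. This is an added example, not part of the original comment or the operator's code: it audits the JSON printed by `oc get secrets -n <namespace> <name> -o json`; the function names, the UUID and absolute-path checks, and all sample values are assumptions constructed for illustration.

```python
import base64
import binascii
import json
import uuid

REQUIRED = ("azure_client_id", "azure_tenant_id", "azure_federated_token_file")
FORBIDDEN = ("azure_client_secret",)  # the key the last command above expects to be empty


def audit_secret(secret_json):
    """Audit one `oc get secret <name> -o json` document; an empty list means pass."""
    data = json.loads(secret_json).get("data") or {}
    findings, decoded = [], {}
    for key, value in data.items():
        try:
            decoded[key] = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append(f"{key}: not valid base64/UTF-8")
    for key in FORBIDDEN:
        if data.get(key):
            findings.append(f"{key}: long-lived credential present")
    for key in REQUIRED:
        if key not in data:
            findings.append(f"{key}: missing")
    for key in ("azure_client_id", "azure_tenant_id"):
        if key in decoded:
            try:
                uuid.UUID(decoded[key])
            except ValueError:
                findings.append(f"{key}: not a UUID")
    token_file = decoded.get("azure_federated_token_file")
    if token_file is not None and not token_file.startswith("/"):
        findings.append("azure_federated_token_file: not an absolute path")
    return findings


def make_secret(**fields):
    """Build a constructed Secret document with base64-encoded data values."""
    data = {k: base64.b64encode(v.encode()).decode() for k, v in fields.items()}
    return json.dumps({"kind": "Secret", "data": data})


# Constructed sample values, not taken from the cluster shown above.
_IDS = {"azure_client_id": "11111111-2222-3333-4444-555555555555",
        "azure_tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}
GOOD = make_secret(**_IDS, azure_federated_token_file="/var/run/secrets/example/token")
LEGACY = make_secret(**_IDS, azure_client_secret="constructed-secret-value")
```

`audit_secret(GOOD)` returns no findings, while `audit_secret(LEGACY)` reports both the client secret and the missing federated token file.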
/label acknowledge-critical-fixes-only
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: dlom, jstuever
@dlom: Jira Issue OCPBUGS-32948: All pull requests linked via external trackers have merged:
Jira Issue OCPBUGS-32948 has been moved to the MODIFIED state.
[ART PR BUILD NOTIFIER]
This PR has been included in build ose-cloud-credential-operator-container-v4.17.0-202405151441.p0.g48b287d.assembly.stream.el9 for distgit ose-cloud-credential-operator. All builds following this will include this PR.
xref: OCPBUGS-32948
/assign @jstuever