Closed jstuever closed 3 months ago
@jstuever: This pull request references Jira Issue OCPBUGS-33566, which is invalid:
Comment /jira refresh
to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.
The bug has been updated to refer to the pull request using the external bug tracker.
/jira refresh
@jstuever: This pull request references Jira Issue OCPBUGS-33566, which is valid. The bug has been moved to the POST state.
Requesting review from QA contact: /cc @jianping-shu
Attention: Patch coverage is 50.00000%
with 1 lines
in your changes are missing coverage. Please review.
Project coverage is 48.35%. Comparing base (
48b287d
) to head (6516137
). Report is 2 commits behind head on master.
/retest
Reproduced the issue with 4.15 AWS STS cluster jianpingshu@jshu-mac ~ % oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.15.0-0.nightly-2024-05-21-032108 True False 9m21s Cluster version is 4.15.0-0.nightly-2024-05-21-032108 jianpingshu@jshu-mac ~ % oc -n openshift-cloud-credential-operator get -o json credentialsrequests | jq -r '.items[] | select(tostring | contains("InfrastructureMismatch") | not) | .metadata.name as $n | .status.conditions // [{type: "NoConditions"}] | .[] | .type + "=" + .status + " " + $n + " " + .reason + ": " + .message' | sort CredentialsProvisionFailure=True aws-ebs-csi-driver-operator CredentialsProvisionFailure: failed to grant creds: an empty awsSTSIAMRoleARN was found so no Secret was created CredentialsProvisionFailure=True cloud-credential-operator-iam-ro CredentialsProvisionFailure: failed to grant creds: an empty awsSTSIAMRoleARN was found so no Secret was created CredentialsProvisionFailure=True openshift-cloud-network-config-controller-aws CredentialsProvisionFailure: failed to grant creds: an empty awsSTSIAMRoleARN was found so no Secret was created CredentialsProvisionFailure=True openshift-image-registry CredentialsProvisionFailure: failed to grant creds: an empty awsSTSIAMRoleARN was found so no Secret was created CredentialsProvisionFailure=True openshift-ingress CredentialsProvisionFailure: failed to grant creds: an empty awsSTSIAMRoleARN was found so no Secret was created CredentialsProvisionFailure=True openshift-machine-api-aws CredentialsProvisionFailure: failed to grant creds: an empty awsSTSIAMRoleARN was found so no Secret was created
Verified with cluster-bot build, AWS STS cluster installed successfully jianpingshu@jshu-mac ~ % oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.16.0-0.ci.test-2024-05-21-084849-ci-ln-xvfsg3t-latest True False 23m Cluster version is 4.16.0-0.ci.test-2024-05-21-084849-ci-ln-xvfsg3t-latest jianpingshu@jshu-mac ~ % oc -n openshift-cloud-credential-operator get -o json credentialsrequests | jq -r '.items[] | select(tostring | contains("InfrastructureMismatch") | not) | .metadata.name as $n | .status.conditions // [{type: "NoCon ditions"}] | .[] | .type + "=" + .status + " " + $n + " " + .reason + ": " + .message' | sort NoConditions= aws-ebs-csi-driver-operator : NoConditions= cloud-credential-operator-iam-ro : NoConditions= openshift-cloud-network-config-controller-aws : NoConditions= openshift-image-registry : NoConditions= openshift-ingress : NoConditions= openshift-machine-api-aws :
/assign @dlom
/cherry-pick release-4.16
@jstuever: once the present PR merges, I will cherry-pick it on top of release-4.16 in a new PR and assign it to you.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: dlom, jstuever
The full list of commands accepted by this bot can be found here.
The pull request process is described here
/retest-required
Remaining retests: 0 against base HEAD bd04f09e339ef2aec5d90a67d1ce35771927c830 and 2 for PR HEAD 65161371de9a6307b6897eea0afed3da7f04588c in total
/skip ci/prow/security
/override ci/prow/security
@jstuever: Overrode contexts on behalf of jstuever: ci/prow/security
@jstuever: all tests passed!
Full PR test history. Your PR dashboard.
@jstuever: Jira Issue OCPBUGS-33566: All pull requests linked via external trackers have merged:
Jira Issue OCPBUGS-33566 has been moved to the MODIFIED state.
@jstuever: new pull request created: #704
[ART PR BUILD NOTIFIER]
This PR has been included in build ose-cloud-credential-operator-container-v4.17.0-202405212243.p0.g2f29d91.assembly.stream.el9 for distgit ose-cloud-credential-operator. All builds following this will include this PR.
When the operator in manual STS mode is attempting to reconcile a credentialRequest, it should not be throwing errors for credentialRequests that do not have awsSTSIAMRoleARN. Instead, it should be quietly ignoring them as they are not configured to be reconciled with STS.