S3 Bucket URLs and Identity Provider URLs are mismatched for us-gov-west-1 region
zhao-li opened this issue · 5 comments
Hi OpenShift Team,
Thank you for making this utility to help with installing OpenShift on AWS.
When I was running through this tutorial: https://docs.openshift.com/container-platform/4.12/authentication/managing_cloud_provider_credentials/cco-mode-sts.html#cco-ccoctl-configuring_cco-mode-sts
I encountered a bug where the Identity Provider was pointing to the wrong S3 Bucket URL for the us-gov-west-1 region.
The S3 Bucket URL in us-gov-west-1 region follows this scheme with s3-: https://[name]-oidc.s3-us-gov-west-1.amazonaws.com
whereas, the Identity Provider provisioned by the ccoctl tool used this hostname scheme with s3.: https://[name]-oidc.s3.us-gov-west-1.amazonaws.com
I hope that helps.
Thanks again for this wonderful tool
@zhao-li Thanks for the report, I will transfer it to a bug in our jira! Is the specific issue that the Identity Provider in AWS uses the wrong URL for the bucket? Was the S3 bucket URL wrong in any other places such as in the cluster authentication object?
@abutcher yup, the Identity Provider is created using the wrong URL for the provider property, which should be the S3 bucket URL.
I am not 100% sure what the cluster authentication object is, but I am guessing you are referring to the manifest file named cluster-authentication-02-config.yaml (I'll have to check the exact file name when I get back to my desk next week.). If that's what you mean, then yes, the URL specified there is inconsistent as well.
Thank you for looking into this issue and please let me know if there are any other details I can help clarify.
Take care and good luck
JIRA ticket is https://issues.redhat.com/browse/OCPBUGS-15840.
This issue can be closed after this discussion: https://issues.redhat.com/browse/OCPBUGS-15840?focusedId=22610896&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-22610896