S3 Bucket URLs and Identity Provider URLs are mismatched for us-gov-west-1 region

Question

S3 Bucket URLs and Identity Provider URLs are mismatched for us-gov-west-1 region

zhao-li opened this issue a year ago · 5 comments

Hi OpenShift Team,

Thank you for making this utility to help with installing OpenShift on AWS.

When I was running through this tutorial: https://docs.openshift.com/container-platform/4.12/authentication/managing_cloud_provider_credentials/cco-mode-sts.html#cco-ccoctl-configuring_cco-mode-sts

I encountered a bug where the Identity Provider was pointing to the wrong S3 Bucket URL for the us-gov-west-1 region.

The S3 Bucket URL in us-gov-west-1 region follows this scheme with s3-: https://[name]-oidc.s3-us-gov-west-1.amazonaws.com
whereas, the Identity Provider provisioned by the ccoctl tool used this hostname scheme with s3.: https://[name]-oidc.s3.us-gov-west-1.amazonaws.com

I hope that helps. 🤞

Thanks again for this wonderful tool 🙏

Answer 1 · 2023-06-30T20:16:44.000Z

@zhao-li Thanks for the report!

@jstuever @abutcher @dlom : Please mirror to Jira if action is needed.

Answer 2 · 2023-07-05T19:15:45.000Z

@zhao-li Thanks for the report, I will transfer it to a bug in our jira! Is the specific issue that the Identity Provider in AWS uses the wrong URL for the bucket? Was the S3 bucket URL wrong in any other places such as in the cluster authentication object?

Answer 3 · 2023-07-05T20:09:03.000Z

@zhao-li Thanks for the report, I will transfer it to a bug in our jira! Is the specific issue that the Identity Provider in AWS uses the wrong URL for the bucket? Was the S3 bucket URL wrong in any other places such as in the cluster authentication object?

@abutcher yup, the Identity Provider is created using the wrong URL for the provider property, which should be the S3 bucket URL.

I am not 100% sure what the cluster authentication object is, but I am guessing you are referring to the manifest file named cluster-authentication-02-config.yaml (I'll have to check to exact file name when I get back to my desk next week.). If that's, what you mean, then yes, the URL specified there is inconsistent as well.

Thank you for looking into this issue and please let me know if there's any other details I can help clarify.

Take care and good luck 🙏🍀

Answer 4 · 2023-07-05T20:14:25.000Z

JIRA ticket is https://issues.redhat.com/browse/OCPBUGS-15840.

Answer 5 · 2023-07-13T07:31:05.000Z

This issue can be closed after this discussion: https://issues.redhat.com/browse/OCPBUGS-15840?focusedId=22610896&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-22610896