OCPBUGS-17733: [release-4.13] remove shared VPC cred request

[patrickdillon]

Backporting credential requests has the potential of breaking upgrades, specifically if clusters are running in mint mode and have removed the root credentials during z-stream upgrades.

This commit removes the 4.13 bump to the cred request for the AWS shared VPC feature. The rest of the feature remains intact so that it can be utilized by managed services which does not depend on credential requests.

[gcs278]

/assign @gcs278

[patrickdillon]

/retitle OCPBUGS-17733: [release-4.13] remove shared VPC cred request

[patrickdillon]

/jira refresh

[openshift-ci-robot]

@patrickdillon: No Jira issue is referenced in the title of this pull request.
To reference a jira issue, add 'XYZ-NNN:' to the title of this pull request and request another refresh with /jira refresh.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@patrickdillon: This pull request references Jira Issue OCPBUGS-17733, which is invalid:

• expected Jira Issue OCPBUGS-17733 to depend on a bug targeting a version in 4.14.0 and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Backporting credential requests has the potential of breaking upgrades, specifically if clusters are running in mint mode and have removed the root credentials during z-stream upgrades.

This commit removes the 4.13 bump to the cred request for the AWS shared VPC feature. The rest of the feature remains intact so that it can be utilized by managed services which does not depend on credential requests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[patrickdillon]

This pull request references Jira Issue OCPBUGS-17733, which is invalid:

expected Jira Issue OCPBUGS-17733 to depend on a bug targeting a version in 4.14.0 and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but no dependents were found

We will need to override this, as this bug is directly applicable to 4.13. There is no 4.14 bug.

[gcs278]

Pod pending timeout. - Something unexpected happened with CI infra.
/retest

[gcs278]

Thanks for this fix. Sounds like we are all on the same page with reverting this change. Will still need someone to apply jira/valid-bug label, but I'll approve and lgtm in preparation. CC: @Miciah
/approve
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gcs278

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [gcs278]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Miciah]

#966 added the sts:AssumeRole permission to the CredentialsRequest, and #966 is in the 4.13.9 release. #966 is expected to cause problems on clusters that run cloud-credential-operator in mint mode where the root secret has been removed. For this reason, upgrades to 4.13.9 will be conditionally blocked for potentially impacted clusters. #972 removes the permission and is intended to ship in the next z-stream release to avoid causing these problems.
/label backport-risk-assessed

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 78a28b2 and 2 for PR HEAD fef0db0 in total

[Miciah]

e2e-aws-ovn failed, but the error is unrelated to the changes in this PR.
/override ci/prow/e2e-aws-ovn

[Miciah]

/override ci/prow/e2e-aws-ovn

[openshift-ci]

@Miciah: Overrode contexts on behalf of Miciah: ci/prow/e2e-aws-ovn

In response to this:

/override ci/prow/e2e-aws-ovn

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@Miciah: Overrode contexts on behalf of Miciah: ci/prow/e2e-aws-ovn

In response to this:

e2e-aws-ovn failed, but the error is unrelated to the changes in this PR.
/override ci/prow/e2e-aws-ovn

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@patrickdillon: Jira Issue OCPBUGS-17733: All pull requests linked via external trackers have merged:

• openshift/cluster-ingress-operator#972

Jira Issue OCPBUGS-17733 has been moved to the MODIFIED state.

In response to this:

Backporting credential requests has the potential of breaking upgrades, specifically if clusters are running in mint mode and have removed the root credentials during z-stream upgrades.

This commit removes the 4.13 bump to the cred request for the AWS shared VPC feature. The rest of the feature remains intact so that it can be utilized by managed services which does not depend on credential requests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@patrickdillon: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-single-node	fef0db0	link	false	/test e2e-aws-ovn-single-node

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-merge-robot]

Fix included in accepted release 4.13.0-0.nightly-2023-08-24-052924