From c9dc139544208192ec2dd31ef0d1e82bf458f11b Mon Sep 17 00:00:00 2001 From: Eric Ponvelle Date: Tue, 6 Dec 2022 09:09:25 -0500 Subject: [PATCH] OSDOCS-4265: Updates some ROSA cli items for CloudFront --- modules/rosa-deleting-cluster.adoc | 4 ++-- ...s-creating-a-cluster-with-customizations-cli.adoc | 6 +++++- modules/rosa-sts-oidc-provider-command.adoc | 7 ++++--- .../rosa-sts-creating-a-cluster-quickly.adoc | 2 +- snippets/oidc-cloudfront.adoc | 12 ++++++++++++ 5 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 snippets/oidc-cloudfront.adoc diff --git a/modules/rosa-deleting-cluster.adoc b/modules/rosa-deleting-cluster.adoc index f7acd829af..0a6c7b7e45 100644 --- a/modules/rosa-deleting-cluster.adoc +++ b/modules/rosa-deleting-cluster.adoc @@ -70,11 +70,11 @@ State: ready Private: No Created: May 13 2022 11:26:15 UTC Details Page: https://console.redhat.com/openshift/details/s/296kyEFwzoy1CREQicFRdZybrc0 -OIDC Endpoint URL: https://rh-oidc.s3.us-east-1.amazonaws.com/1s5v4k39lhm8sm59m90mi0822o31844a <3> +OIDC Endpoint URL: https://oidc.op1.openshiftapps.com/ <3> ---- <1> Lists the cluster ID. <2> Specifies the ARNs for the cluster-specific Operator roles. For example, in the sample output the ARN for the role required by the Machine Config Operator is `arn:aws:iam:::role/mycluster-x4q9-openshift-machine-api-aws-cloud-credentials`. -<3> Specifies the endpoint URL for the cluster-specific OIDC provider. +<3> Displays the endpoint URL for the cluster-specific OIDC provider. + [IMPORTANT] ==== diff --git a/modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc b/modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc index de38c2ab5f..710ed70833 100644 --- a/modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc +++ b/modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc 
@@ -396,9 +396,13 @@ State: ready Private: No Created: Oct 1 2021 08:12:25 UTC Details Page: https://console.redhat.com/openshift/details/s/ -OIDC Endpoint URL: https://rh-oidc.s3..amazonaws.com/ +OIDC Endpoint URL: https://oidc.op1.openshiftapps.com/| \ <1> ---- + +-- +1. The endpoint URL depends on the BYO OIDC configuration. If you are pre-creating the OIDC configuration, the URL ends with the `` value; otherwise, the URL ends with the `` value. +-- ++ The following `State` field changes are listed in the output as the cluster installation progresses: + * `waiting (Waiting for OIDC configuration)` diff --git a/modules/rosa-sts-oidc-provider-command.adoc b/modules/rosa-sts-oidc-provider-command.adoc index fe975a6fad..e2a072d447 100644 --- a/modules/rosa-sts-oidc-provider-command.adoc +++ b/modules/rosa-sts-oidc-provider-command.adoc 
@@ -32,11 +32,12 @@ When using `manual` mode, the `aws` command is printed to the terminal for your [source,terminal] ---- aws iam create-open-id-connect-provider \ - --url https://rh-oidc.s3..amazonaws.com/ \ + --url https://oidc.op1.openshiftapps.com/ \// <1> --client-id-list openshift sts..amazonaws.com \ - --thumbprint-list <1> + --thumbprint-list <2> ---- -<1> The thumbprint is generated automatically when you run the `rosa create oidc-provider` command. For more information about using thumbprints with AWS Identity and Access Management (IAM) OpenID Connect (OIDC) identity providers, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html[the AWS documentation]. +<1> The URL used to reach the OpenID Connect (OIDC) identity provider after the cluster is created. +<2> The thumbprint is generated automatically when you run the `rosa create oidc-provider` command. For more information about using thumbprints with AWS Identity and Access Management (IAM) OIDC identity providers, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html[the AWS documentation]. ** Registered OIDC configurations use an OIDC configuration ID. Run the following command with your OIDC configuration ID: + diff --git a/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc index de401e03e6..e581615ed8 100644 --- a/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc +++ b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc 
@@ -21,7 +21,7 @@ Alternatively, you can use `manual` mode, which outputs the `aws` commands neede .Next steps * Ensure that you have completed the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc[AWS prerequisites]. - +include::snippets/oidc-cloudfront.adoc[] include::modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc[leveloffset=+1] include::modules/rosa-sts-understanding-aws-account-association.adoc[leveloffset=+1] diff --git a/snippets/oidc-cloudfront.adoc b/snippets/oidc-cloudfront.adoc new file mode 100644 index 0000000000..10016765a5 --- /dev/null +++ b/snippets/oidc-cloudfront.adoc @@ -0,0 +1,12 @@ + +//This snippet appears in the following assemblies: +// +// * ../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc + +:_content-type: SNIPPET +[NOTE] +==== +ROSA CLI 1.2.7 introduces changes to the OIDC provider endpoint URL format for new clusters. {product-title} cluster OIDC provider URLs are no longer regional. The AWS CloudFront implementation provides improved access speed and resiliency and reduces latency. + +Because this change is only available to new clusters created by using ROSA CLI 1.2.7 or later, existing OIDC-provider configurations do not have any supported migration paths. +==== \ No newline at end of file
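Review bot: In modules/rosa-deleting-cluster.adoc, the added sample line `OIDC Endpoint URL: https://oidc.op1.openshiftapps.com/ <3>` ends at the host with nothing after the slash, while callout 3 still calls it the endpoint for the cluster-specific OIDC provider and the removed line carried a per-cluster path segment. Put a cluster ID or a placeholder after the slash so the sample shows what makes the URL specific to one cluster. The rest of the sample output is from May 13 2022, so also confirm that pairing the new URL format with that output is intended.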
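Review bot: In modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc, the listing marks the URL with `<1>` but the explanation is written as an ordered-list item (`1. The endpoint URL depends on ...`) inside an open block, unlike the `<1>` callout lines used in the other modules in this patch. Use a `<1>` callout line so the marker and its text stay linked. Two more things in the same hunk: the sample line ends in `| \ <1>`, and a pipe plus a trailing backslash are not something the command prints in this field, so show the two URL forms on separate lines or describe them only in the callout. As the hunk reads here, the explanation also says the URL ends with the `` value in both cases, so check that the two placeholder names are present in the source and render. "BYO OIDC" should be expanded on first use.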
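Review bot: In modules/rosa-sts-oidc-provider-command.adoc, the new `--url https://oidc.op1.openshiftapps.com/ \// <1>` line puts `//` and the callout after the line-continuation backslash. If the `//` survives rendering, a copied command no longer has the backslash as the last character on that line, so the shell ends the command there and `--client-id-list` and `--thumbprint-list` are never passed to `aws iam create-open-id-connect-provider`. The removed version kept the backslash last and put its only callout on the final line. Verify the rendered block copies cleanly, or move the URL explanation into the paragraph before the listing. The `--url` value also has no path after the host, so the command as shown would not point at a particular cluster's issuer; add the placeholder.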
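Review bot: In rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc, the note about the URL change is included in this one assembly only (the snippet's own header comment lists no other), yet the patch changes sample URLs in three modules that other assemblies pull in. Someone with a cluster created before ROSA CLI 1.2.7 who reads the delete-cluster or customizations pages will see output that does not match theirs, with no explanation. Include the snippet wherever those modules are used, or put the version note in the modules. The hunk also removes the blank line after the `.Next steps` list and adds `+include::snippets/oidc-cloudfront.adoc[]` directly between the list item and the next `include::`; keep a blank line on each side so the admonition does not attach to the list or run into the following module.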
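Review bot: In the new snippets/oidc-cloudfront.adoc, the second paragraph says existing OIDC-provider configurations have no supported migration path but does not say what that means for a cluster that already exists. State explicitly whether clusters created with an earlier CLI keep their regional `rh-oidc.s3.<region>` URL and whether any action is needed, because the IAM OIDC provider created for such a cluster was registered with that URL. The first paragraph lists "improved access speed" and "reduces latency" as separate benefits; one of them is enough. The file ends with `\ No newline at end of file`; add the trailing newline, since this file is pulled in with `include::` immediately ahead of another include.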