Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not require account ID from user #216

Open
akostadinov opened this issue Jan 21, 2021 · 2 comments
Open

Do not require account ID from user #216

akostadinov opened this issue Jan 21, 2021 · 2 comments

Comments

@akostadinov
Copy link

Hi, asking the user to provide account ID is an unnecessary complication. Only access and secret keys should be enough to obtain all necessary information. Using a standard awscred file like aws-cli will make a lot of sense here.

Obtaining account by access keys should be easy:
https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html
@akostadinov akostadinov mentioned this issue Jan 21, 2021
Merged
@igoihman
Copy link

igoihman commented Jan 25, 2021
edited
Loading

Hi @akostadinov and thank you for the input. OCM provides the Account ID to the accountClaim CRD (more info in https://github.com/openshift/aws-account-operator ) in order to setup the account for OSD CCS clusters.
As this is a hard requirement in one of OCM dependencies we can't remove this field.

@akostadinov
Copy link
Author

@igoihman , my suggestion is for OCM to obtain the account ID using the provided access and secure keys, then provide it to whatever CRD or other component needs it.

If OCM does not verify this account id, it may also be a bug in the system with unknown consequences.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@akostadinov @igoihman