Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.14.z
Component/s: Installer / openshift-installer
Labels:
- triaged

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
What: s3:Delete* permissions are always required even when `preserveBootstrapIgnition` option is set.
Fix: only require s3:DeleteBucket, s3:DeleteObject permissions if `preserveBootstrapIgnition` is not set.

Show
What: s3:Delete* permissions are always required even when `preserveBootstrapIgnition` option is set. Fix: only require s3:DeleteBucket, s3:DeleteObject permissions if `preserveBootstrapIgnition` is not set.
Release Note Type:
Bug Fix
Release Note Status:
In Progress
Target Version:

4.17.0
Target Backport Versions:

4.14.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

    We should not require the s3:DeleteObject permission for installs when the `preserveBootstrapIgnition` option is set in the install-config.

Version-Release number of selected component (if applicable):

    4.14+

How reproducible:

    always

Steps to Reproduce:

    1. Use an account without the permission
    2. Set `preserveBootstrapIgnition: true` in the install-config.yaml
    3. Try to deploy a cluster

Actual results:

INFO Credentials loaded from the "denys3" profile in file "/home/cloud-user/.aws/credentials"
INFO Consuming Install Config from target directory
WARNING Action not allowed with tested creds          action=s3:DeleteBucket
WARNING Action not allowed with tested creds          action=s3:DeleteObject
WARNING Action not allowed with tested creds          action=s3:DeleteObject
WARNING Tested creds not able to perform all requested actions
FATAL failed to fetch Cluster: failed to fetch dependency of "Cluster": failed to generate asset "Platform Permissions Check": validate AWS credentials: current credentials insufficient for performing cluster installation

Expected results:

    No permission errors.

Additional info:

blocks

OCPBUGS-33509 [AWS CAPI install] "platform.aws.preserveBootstrapIgnition: true" does not work.

Closed

OCPBUGS-35044 aws: do not require s3:Delete* perms if `preserveBootstrapIgnition` is set

Closed

is cloned by

OCPBUGS-35044 aws: do not require s3:Delete* perms if `preserveBootstrapIgnition` is set

Closed

is related to

CORS-2890 Provision AWS with CAPI (no mgmt cluster)

Testing

OCPBUGS-26016 [enterprise-4.14] Issue in file installing/installing_aws/installing-aws-user-infra.adoc

Closed

links to

openshift/installer#8410: OCPBUGS-33662: aws: don't always require s3:Delete* permissions

openshift/installer#8560: OCPBUGS-33662: aws: don't always require s3:Delete* permissions

(2 links to)

Assignee:: Rafael Fonseca dos Santos

Reporter:: Rafael Fonseca dos Santos

QA Contact:: Yunfei Jiang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/05/14 6:08 PM

Updated:: 2024/06/14 2:20 PM

Resolved:: 2024/06/14 2:20 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates