OpenShift Bugs: OCPBUGS-35222

aws: do not require s3:Delete* perms if `preserveBootstrapIgnition` is set

      What: s3:Delete* permissions are always required even when `preserveBootstrapIgnition` option is set.
      Fix: only require s3:DeleteBucket, s3:DeleteObject permissions if `preserveBootstrapIgnition` is not set.
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-35044. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-33662. The following is the description of the original issue:

      Description of problem:

          We should not require the s3:DeleteObject permission for installs when the `preserveBootstrapIgnition` option is set in the install-config.

      Version-Release number of selected component (if applicable):

          4.14+

      How reproducible:

          always

      Steps to Reproduce:

          1. Use an account without the permission
          2. Set `preserveBootstrapIgnition: true` in the install-config.yaml
          3. Try to deploy a cluster
          

      Actual results:

      INFO Credentials loaded from the "denys3" profile in file "/home/cloud-user/.aws/credentials"
      INFO Consuming Install Config from target directory
      WARNING Action not allowed with tested creds          action=s3:DeleteBucket
      WARNING Action not allowed with tested creds          action=s3:DeleteObject
      WARNING Action not allowed with tested creds          action=s3:DeleteObject
      WARNING Tested creds not able to perform all requested actions
      FATAL failed to fetch Cluster: failed to fetch dependency of "Cluster": failed to generate asset "Platform Permissions Check": validate AWS credentials: current credentials insufficient for performing cluster installation
      

      Expected results:

          No permission errors.

      Additional info:

          

              rdossant Rafael Fonseca dos Santos
              openshift-crt-jira-prow OpenShift Prow Bot
              Gaoyun Pei Gaoyun Pei
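The fix described in this issue, sketched as an added example (not the installer's own code): the two delete actions are added to the required set only when `preserveBootstrapIgnition` is not set. The helper names, the base action list and the stand-in for the "denys3" profile are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed sample of bootstrap-bucket actions; not the installer's real list.
var baseS3Actions = []string{"s3:CreateBucket", "s3:GetObject", "s3:PutObject"}

// The two delete actions named in the issue. They are used to remove the
// bootstrap ignition bucket and its object.
var deleteS3Actions = []string{"s3:DeleteBucket", "s3:DeleteObject"}

// requiredS3Actions (hypothetical helper) returns the actions to test for.
// Delete actions are required only when the bootstrap ignition is NOT preserved.
func requiredS3Actions(preserveBootstrapIgnition bool) []string {
	required := append([]string{}, baseS3Actions...) // copy, never mutate the base list
	if !preserveBootstrapIgnition {
		required = append(required, deleteS3Actions...)
	}
	return required
}

// missingActions (hypothetical helper) returns, sorted, the required actions
// that the tested credentials are not allowed to perform.
func missingActions(required []string, allowed map[string]bool) []string {
	missing := []string{}
	for _, action := range required {
		if !allowed[action] {
			missing = append(missing, action)
		}
	}
	sort.Strings(missing)
	return missing
}

func main() {
	// Constructed stand-in for the "denys3" profile: no s3:Delete* allowed.
	denyS3 := map[string]bool{"s3:CreateBucket": true, "s3:GetObject": true, "s3:PutObject": true}
	for _, preserve := range []bool{false, true} {
		m := missingActions(requiredS3Actions(preserve), denyS3)
		fmt.Printf("preserveBootstrapIgnition=%v missing=%v\n", preserve, m)
	}
}
```

With the flag unset, the check still reports both delete actions as missing; with it set, credentials that lack `s3:Delete*` pass, which keeps the installer's IAM policy closer to least privilege.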