-
Bug
-
Resolution: Done-Errata
-
Normal
-
None
-
4.16, 4.17
Description of problem:
The Installer still requires permissions to create and delete IAM roles even when the users brings existing roles.
Version-Release number of selected component (if applicable):
4.16+
How reproducible:
always
Steps to Reproduce:
1. Specify existing IAM role in the install-config 2. 3.
Actual results:
The following permissions are required even though they are not used: "iam:CreateRole", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:PutRolePolicy", "iam:TagInstanceProfile"
Expected results:
Only actually needed permissions are required.
Additional info:
I think this is tech debt from when roles were not tagged. The fix will kind of revert https://github.com/openshift/installer/pull/5286
- blocks
-
OCPBUGS-37494 [aws] "create" iam role permissions required even when BYO role
- Closed
- causes
-
OCPBUGS-37687 [aws] "create" iam role permissions is optional
- Verified
- is cloned by
-
OCPBUGS-37494 [aws] "create" iam role permissions required even when BYO role
- Closed
- links to
-
RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update