Bug
Resolution: Unresolved
Normal
None
4.18.0
Description of problem:
GCP short-lived credentials do not fill out certain fields in the GCP structure. This causes failures when creating resources such as signed URLs. In order to create these resources, the user should add the role Service Account User, which has the permission "iam.serviceAccounts.signBlob".
Version-Release number of selected component (if applicable):
4.17
How reproducible:
Always
Steps to Reproduce:
1. 2. 3.
Actual results:
time="2024-08-15T19:34:26Z" level=fatal msg="failed to fetch Cluster Infrastructure Variables: failed to generate asset \"Cluster Infrastructure Variables\": failed to provision gcp bootstrap storage resources: failed to create a signed url: unable to sign bytes: googleapi: Error 403: Permission 'iam.serviceAccounts.signBlob' denied on resource (or it may not exist).\nDetails:\n[\n {\n \"@type\": \"type.googleapis.com/google.rpc.ErrorInfo\",\n \"domain\": \"iam.googleapis.com\",\n \"metadata\": {\n \"permission\": \"iam.serviceAccounts.signBlob\"\n },\n \"reason\": \"IAM_PERMISSION_DENIED\"\n }\n]"
Expected results:
Successful install
Additional info:
- is related to: OCPBUGS-37821 Installer support for GCP deployments using short-lived credential formats (Closed)
- links to: RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update
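For triage, the denied permission can be read from the structured Details block of the fatal log entry rather than from the free-text message. The following Go sketch is an added example, not installer code: `DeniedPermissions`, `errorInfo` and `sampleLine` are hypothetical names, and the sample is a shortened copy of the entry under Actual results.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// sampleLine is constructed for this example: a shortened copy of the fatal entry in the report.
const sampleLine = `time="2024-08-15T19:34:26Z" level=fatal msg="failed to create a signed url: unable to sign bytes: googleapi: Error 403: Permission 'iam.serviceAccounts.signBlob' denied on resource (or it may not exist).\nDetails:\n[\n {\n \"@type\": \"type.googleapis.com/google.rpc.ErrorInfo\",\n \"domain\": \"iam.googleapis.com\",\n \"metadata\": {\n \"permission\": \"iam.serviceAccounts.signBlob\"\n },\n \"reason\": \"IAM_PERMISSION_DENIED\"\n }\n]"`

// errorInfo holds the google.rpc.ErrorInfo fields this check needs (hypothetical helper type).
type errorInfo struct {
	Reason   string            `json:"reason"`
	Metadata map[string]string `json:"metadata"`
}

// msgField matches the quoted msg="..." value, allowing escaped quotes inside it.
var msgField = regexp.MustCompile(`msg=("(?:[^"\\]|\\.)*")`)

// DeniedPermissions returns the IAM permissions reported as denied in one log line.
func DeniedPermissions(line string) ([]string, error) {
	m := msgField.FindStringSubmatch(line)
	if m == nil {
		return nil, fmt.Errorf("no quoted msg field in line")
	}
	msg, err := strconv.Unquote(m[1]) // turns \n and \" back into real characters
	if err != nil {
		return nil, fmt.Errorf("unquote msg: %w", err)
	}
	_, details, found := strings.Cut(msg, "Details:\n")
	if !found {
		return nil, nil // the error carries no structured Details block
	}
	var infos []errorInfo
	if err := json.Unmarshal([]byte(details), &infos); err != nil {
		return nil, fmt.Errorf("decode details: %w", err)
	}
	var perms []string
	for _, info := range infos {
		if info.Reason == "IAM_PERMISSION_DENIED" && info.Metadata["permission"] != "" {
			perms = append(perms, info.Metadata["permission"])
		}
	}
	return perms, nil
}

func main() { fmt.Println(DeniedPermissions(sampleLine)) }
```
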