-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.16, 4.17, 4.18
Description of problem:
Some permissions are missing when edge zones are specified in the install-config.yaml, probably those related to Carrier Gateways (but maybe more)
Version-Release number of selected component (if applicable):
4.16+
How reproducible:
always with minimal permissions
Steps to Reproduce:
1. 2. 3.
Actual results:
time="2024-11-20T22:40:58Z" level=debug msg="\tfailed to describe carrier gateways in vpc \"vpc-0bdb2ab5d111dfe52\": UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:iam::460538899914:user/ci-op-girt7h2j-4515a-minimal-perm is not authorized to perform: ec2:DescribeCarrierGateways because no identity-based policy allows the ec2:DescribeCarrierGateways action"
Expected results:
All required permissions are listed in pkg/asset/installconfig/aws/permissions.go
Additional info:
See https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_installer/9222/pull-ci-openshift-installer-master-e2e-aws-ovn-edge-zones/1859351015715770368 for a failed min-perms install
- blocks
-
OCPBUGS-46475 [aws] permissions missing for edge zones
- Verified
- is cloned by
-
OCPBUGS-46475 [aws] permissions missing for edge zones
- Verified
- is triggered by
-
CORS-3571 Introduce tests for new permissions required as presubmit tests on PRs
- Release Pending
- links to