-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
4.17
-
None
-
None
-
False
-
Description of problem:
Required roles for the installer may not be complete
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Create a GCP service account for the IPI deployment.
2. Add the roles to that account listed in the docs.
3. Start a deployment.
Actual results:
INFO Credentials loaded from gcloud CLI defaults WARNING Missing permissions to fetch Quotas and therefore will skip checking them: failed to load quota limits: googleapi: Error 403: Permission denied to get quota on service [compute.googleapis.com] WARNING Help Token: Ab6lFGfvlyUkqH0ko3xOu-zJqNXRsFjOB5Xkrx9PQvSlvLQOwvQN8mzA2f28V1CmEe4eJb1hO7dMIngtnKEywTcW39xlGxtxavqOuEoYRNX0vnMD WARNING Details: WARNING [ WARNING { WARNING "@type": "type.googleapis.com/google.rpc.PreconditionFailure", WARNING "violations": [ WARNING { WARNING "subject": "?error_code=110002\u0026service=serviceusage.googleapis.com\u0026permission=serviceusage.quotas.get\u0026resource=projects/openenv-d9nq6", WARNING "type": "googleapis.com" WARNING } WARNING ] WARNING }, WARNING { WARNING "@type": "type.googleapis.com/google.rpc.ErrorInfo", WARNING "domain": "serviceusage.googleapis.com", WARNING "metadata": { WARNING "permission": "serviceusage.quotas.get", WARNING "resource": "projects/openenv-d9nq6", WARNING "service": "serviceusage.googleapis.com" WARNING }, WARNING "reason": "AUTH_PERMISSION_DENIED" WARNING } WARNING ] WARNING , forbidden, make sure you have `roles/servicemanagement.quotaViewer` assigned to the user.
Expected results:
Install succeeds.
Additional info:
Apparently the quotaViewer role is needed. The documentation should mention that.
