OpenShift Bugs / OCPBUGS-54302

Require Cloud KMS Key Rings List Permission

      Description of problem:

          See https://issues.redhat.com/browse/OCPBUGS-52203 for more information. The solution will require the user to have the `cloudkms.keyRings.list` permission when they provide a KMS key ring in the install config.

      Version-Release number of selected component (if applicable):

          

      How reproducible:

          always

      Steps to Reproduce:

          1. $ yq-3.3.0 r test6/install-config.yaml platform
             gcp:
               projectID: openshift-qe
               region: us-central1
               defaultMachinePlatform:
                 osDisk:
                   encryptionKey:
                     kmsKey:
                       keyRing: openshiftqe
                       location: global
                       name: openshiftqe
                       projectID: openshift-qe
                     kmsKeyServiceAccount: aos-qe-serviceaccount@openshift-qe.iam.gserviceaccount.com
          2. Run the install
          

      Actual results:

          ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: platform.gcp.defaultMachinePool.encryptionKey.kmsKey.keyRing: Invalid value: "openshiftqe": failed to iterate through list of kms keyrings: googleapi: Error 403: Permission 'cloudkms.keyRings.list' denied on resource 'projects/openshift-qe/locations/global' (or it may not exist). 

      Expected results:

          Determine if there is a key ring that exists.

      Additional info:

          

              rh-ee-bbarbach Brent Barbachem
              rh-ee-bbarbach Brent Barbachem
              Jianli Wei Jianli Wei
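Added example (not part of the original report and not the installer's code): a Python check that walks an install-config platform section, lists each `projects/<projectID>/locations/<location>` parent on which `cloudkms.keyRings.list` is needed, and matches 403 denials in an installer log to the config paths that triggered them. The function names are hypothetical and the inlined sample data is constructed from the values shown in this report; `kmsKey` blocks that lack `projectID` or `location` are skipped.

```python
import re

# Matches the Google API 403 text shown under "Actual results" in the report.
DENIED_RE = re.compile(
    r"Error 403: Permission '(?P<perm>[^']+)' denied on resource '(?P<res>[^']+)'"
)

# Constructed sample input, copied from the values in this report.
PLATFORM = {"gcp": {"projectID": "openshift-qe", "region": "us-central1",
    "defaultMachinePlatform": {"osDisk": {"encryptionKey": {
        "kmsKey": {"keyRing": "openshiftqe", "location": "global",
                   "name": "openshiftqe", "projectID": "openshift-qe"}}}}}}
LOG = ("googleapi: Error 403: Permission 'cloudkms.keyRings.list' denied on "
       "resource 'projects/openshift-qe/locations/global' (or it may not exist).")

def kms_parents(node, path=""):
    """Yield (config path, parent resource) for each kmsKey block naming a keyRing."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "kmsKey" and isinstance(value, dict) and value.get("keyRing"):
                project, location = value.get("projectID"), value.get("location")
                if project and location:  # blocks missing either field are skipped
                    yield here, f"projects/{project}/locations/{location}"
            else:
                yield from kms_parents(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from kms_parents(item, f"{path}[{i}]")

def required_permissions(platform):
    """Map each parent resource to the config paths that need keyRings.list on it."""
    needed = {}
    for cfg_path, parent in kms_parents(platform):
        needed.setdefault(parent, []).append(cfg_path)
    return needed

def explain_denials(log_text, platform):
    """Return (permission, resource, config paths) for each 403 found in the log."""
    needed = required_permissions(platform)
    return [(m["perm"], m["res"], needed.get(m["res"], []))
            for m in DENIED_RE.finditer(log_text)]

if __name__ == "__main__":
    for perm, res, paths in explain_denials(LOG, PLATFORM):
        print(f"grant {perm} on {res}; referenced by {paths or 'no kmsKey block'}")
```

An empty list of config paths in the result means the denied resource does not correspond to any `kmsKey` block in the supplied platform section.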