- Bug
- Resolution: Obsolete
- Normal
- None
- 4.19.0
- None
Description of problem:
OCPBUGS-54302 added the permission to list/view all keys. Now that the keys can be found, the keys should be used for encryption. The permission is: cloudkms.cryptoKeyVersions.useToEncrypt
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. 2. 3.
Actual results:
DEBUG E0407 09:40:12.503560 49821 controller.go:329] "Reconciler error" err="googleapi: Error 400: Cloud KMS error when using key projects/openshift-dev-installer/locations/global/keyRings/bbarbach-test-keyring/cryptoKeys/bbarbach-test-key: Permission 'cloudkms.cryptoKeyVersions.useToEncrypt' denied on resource 'projects/openshift-dev-installer/locations/global/keyRings/bbarbach-test-keyring/cryptoKeys/bbarbach-test-key' (or it may not exist)., kmsPermissionDenied" controller="gcpmachine" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="GCPMachine" GCPMachine="openshift-cluster-api-guests/bbarbach-gcp-test-62zx9-master-0" namespace="openshift-cluster-api-guests" name="bbarbach-gcp-test-62zx9-master-0" reconcileID="28c85972-d4b0-4cdc-9b91-1a6c74b980e6"
Expected results:
Pass
Additional info:
- relates to
  - OCPBUGS-54302 Require Cloud KMS Key Rings List Permission
  - MODIFIED
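A triage helper for the reconcile error shown under "Actual results", added here as an example; it is not part of the report or of the installer's code. It extracts the denied Cloud KMS permission and the key it was denied on, collapsing reconcile retries into a count. `KMSDenial`, `ParseKMSDenials` and the sample log (constructed, with placeholder project, key ring and key names) are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// KMSDenial is one distinct (permission, key) pair denied during reconcile.
type KMSDenial struct {
	Permission, Project, Location, KeyRing, Key string
	Count                                       int // times seen in the log
}

// Matches the Cloud KMS denial text carried inside the googleapi 400 error.
var denialRe = regexp.MustCompile(`Permission '(cloudkms\.[\w.]+)' denied on resource ` +
	`'projects/([^/']+)/locations/([^/']+)/keyRings/([^/']+)/cryptoKeys/([^/']+)'`)

// ParseKMSDenials returns each distinct denial in first-seen order.
// Reconcile retries repeat the same error, so repeats are counted, not relisted.
func ParseKMSDenials(logText string) []*KMSDenial {
	index := map[string]*KMSDenial{}
	var out []*KMSDenial
	for _, m := range denialRe.FindAllStringSubmatch(logText, -1) {
		id := strings.Join(m[1:], "|")
		if d, ok := index[id]; ok {
			d.Count++
			continue
		}
		d := &KMSDenial{m[1], m[2], m[3], m[4], m[5], 1}
		index[id] = d
		out = append(out, d)
	}
	return out
}

// Constructed sample input: same shape as the error in this report, placeholder names.
const sampleLog = `E0407 09:40:12.503560 1 controller.go:329] "Reconciler error" err="googleapi: Error 400: Cloud KMS error when using key projects/example-project/locations/global/keyRings/example-ring/cryptoKeys/example-key: Permission 'cloudkms.cryptoKeyVersions.useToEncrypt' denied on resource 'projects/example-project/locations/global/keyRings/example-ring/cryptoKeys/example-key' (or it may not exist)., kmsPermissionDenied" controller="gcpmachine"
I0407 09:40:13.000000 1 controller.go:100] "Reconciling" controller="gcpmachine"
E0407 09:40:42.503560 1 controller.go:329] "Reconciler error" err="googleapi: Error 400: Cloud KMS error when using key projects/example-project/locations/global/keyRings/example-ring/cryptoKeys/example-key: Permission 'cloudkms.cryptoKeyVersions.useToEncrypt' denied on resource 'projects/example-project/locations/global/keyRings/example-ring/cryptoKeys/example-key' (or it may not exist)., kmsPermissionDenied" controller="gcpmachine"`

func main() {
	for _, d := range ParseKMSDenials(sampleLog) {
		fmt.Printf("%s denied on %s/%s (project %s, location %s), seen %d times\n",
			d.Permission, d.KeyRing, d.Key, d.Project, d.Location, d.Count)
	}
}
```

The key path in each result is the resource on which the missing permission was evaluated, so it is also the narrowest scope at which a role carrying that permission can be granted.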