Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.21
Component/s: HyperShift / ROSA
Labels:

Activity Type:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None
Epic Link:
SPLAT-2353

Target Backport Versions:

4.21
Target Version:

4.22.0
Release Blocker:
Rejected
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

    CCM logs of hosted cluster on e2e-conformance is reporting missing the permission "" when initializing the node:

~~~
I0114 18:47:11.796435       1 node_controller.go:429] Initializing node ip-10-0-5-165.ec2.internal with cloud provider
I0114 18:47:11.896925       1 batcher.go:146] Batch processing duration: 100.34343ms
I0114 18:47:11.896992       1 batcher.go:187] Batch size for label describe_instance is 1
I0114 18:47:11.897004       1 describe_instance_batch.go:89] Batched describe instances &{<nil> [] [i-0edc8ad730e9e1559] <nil> <nil> {}}
W0114 18:47:11.993554       1 topology.go:103] Not authorized to perform: ec2:DescribeInstanceTopology, permission missing: "operation error EC2: DescribeInstanceTopology, https response error StatusCode: 403, RequestID: a3fc3319-2852-4d2b-b973-84c86ee43301, api error UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::820196288204:assumed-role/6272df330da85b76fda2-shared-role/1768416045816680711 is not authorized to perform: ec2:DescribeInstanceTopology because no identity-based policy allows the ec2:DescribeInstanceTopology action"
~~~

Version-Release number of selected component (if applicable):

    4.20+

How reproducible:

    always

Steps to Reproduce:

    1. run e2e-conformance in a presubmit job (I didnt find periodic)
    2. check the CCM logs of HC: 1991118175760027648/artifacts/e2e-conformance/dump/artifacts/namespaces/clusters-1e7f1036bbdd905fdb19/core/pods/logs/aws-cloud-controller-manager-5c54dbf678-tl4k7-cloud-controller-manager.log
    3. Query for "ode_controller.go:429] Initializing node"

Actual results:

 topology.go:103] Not authorized to perform: ec2:DescribeInstanceTopology, permission missing: "operation error EC2: DescribeInstanceTopology, https response error StatusCode: 403, RequestID: a3fc3319-2852-4d2b-b973-84c86ee43301, api error UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::820196288204:assumed-role/6272df330da85b76fda2-shared-role/1768416045816680711 is not authorized to perform: ec2:DescribeInstanceTopology because no identity-based policy allows the ec2:DescribeInstanceTopology action"

Expected results:

Additional info:

clones

OCPBUGS-65885 e2e/ccm-aws/hypershift: jobs failing while running loadbalancer tests

POST

Assignee:: Unassigned

Reporter:: Marco Braga

Need Info From:: None

Contributors:: None

QA Contact:: Jie Zhao

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2026/01/15 8:08 PM

Updated:: 2026/01/15 8:24 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates