Bug 1839268
Summary: | GCP destroy is leaking cluster created service accounts and project iam bindings | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Abhinav Dahiya <adahiya> |
Component: | Installer | Assignee: | Abhinav Dahiya <adahiya> |
Installer sub component: | openshift-installer | QA Contact: | Yang Yang <yanyang> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | high | CC: | gpei |
Version: | 4.5 | ||
Target Milestone: | --- | ||
Target Release: | 4.5.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-13 17:41:26 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Abhinav Dahiya
2020-05-22 22:47:59 UTC
Hi Abhinav, I'm trying to reproduce it with 4.5.0-0.nightly-2020-05-22-062554, but cluster destroy does not leak service accounts. What scenario did you find the issue in? level=debug msg="Listing service accounts" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-i-q4p9v.gserviceaccount.com" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangya-bk2dh-m.gserviceaccount.com" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-m-tpq7n.gserviceaccount.com" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangya-bk2dh-w.gserviceaccount.com" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-i-tc59p.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-i-q4p9v.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-i-q4p9v.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-m.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-m.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-m-tpq7n.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-m-tpq7n.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-w.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-w.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-i-tc59p.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangya-bk2dh-openshift-i-tc59p.gserviceaccount.com" level=debug msg="Fetching project IAM policy" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-m.gserviceaccount.com from role roles/compute.instanceAdmin" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-openshift-m-tpq7n.gserviceaccount.com from role roles/compute.instanceAdmin.v1" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-openshift-m-tpq7n.gserviceaccount.com from role roles/compute.loadBalancerAdmin" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-m.gserviceaccount.com from role roles/compute.networkAdmin" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-m.gserviceaccount.com from role roles/compute.securityAdmin" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-w.gserviceaccount.com from role roles/compute.viewer" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-openshift-i-tc59p.gserviceaccount.com from role roles/dns.admin" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-m.gserviceaccount.com from role roles/iam.serviceAccountUser" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-openshift-i-q4p9v.gserviceaccount.com from role roles/iam.serviceAccountUser" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-openshift-m-tpq7n.gserviceaccount.com from role roles/iam.serviceAccountUser" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-m.gserviceaccount.com from role roles/storage.admin" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-openshift-i-q4p9v.gserviceaccount.com from role roles/storage.admin" level=debug msg="IAM: removing serviceAccount:yangya-bk2dh-w.gserviceaccount.com from role roles/storage.admin" level=debug msg="Setting project IAM policy" level=debug msg="Policy bindings: 1 items pending" Trying to verify with 4.5.0-0.nightly-2020-05-24-223848, cluster destroy deletes all service accounts. level=debug msg="Listing service accounts" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangyang1837-openshift-i-vvq8b.gserviceaccount.com" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangyang1837-openshift-i-2lpxp.gserviceaccount.com" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangyang1837642-dxzpm-m.gserviceaccount.com" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangyang1837642-dxzpm-w.gserviceaccount.com" level=debug msg="Found service account: projects/openshift-qe/serviceAccounts/yangyang1837-openshift-m-tlhrf.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangyang1837-openshift-i-vvq8b.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangyang1837-openshift-i-vvq8b.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangyang1837-openshift-i-2lpxp.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangyang1837-openshift-i-2lpxp.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangyang1837642-dxzpm-m.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangyang1837642-dxzpm-m.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangyang1837642-dxzpm-w.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangyang1837642-dxzpm-w.gserviceaccount.com" level=debug msg="Deleting service account projects/openshift-qe/serviceAccounts/yangyang1837-openshift-m-tlhrf.gserviceaccount.com" level=info msg="Deleted service account projects/openshift-qe/serviceAccounts/yangyang1837-openshift-m-tlhrf.gserviceaccount.com" level=debug msg="Fetching project IAM policy" level=debug msg="IAM: removing serviceAccount:yangyang1837642-dxzpm-m.gserviceaccount.com from role roles/compute.instanceAdmin" level=debug msg="IAM: removing serviceAccount:yangyang1837-openshift-m-tlhrf.gserviceaccount.com from role roles/compute.instanceAdmin.v1" level=debug msg="IAM: removing serviceAccount:yangyang1837-openshift-m-tlhrf.gserviceaccount.com from role roles/compute.loadBalancerAdmin" level=debug msg="IAM: removing serviceAccount:yangyang1837642-dxzpm-m.gserviceaccount.com from role roles/compute.networkAdmin" level=debug msg="IAM: removing serviceAccount:yangyang1837642-dxzpm-m.gserviceaccount.com from role roles/compute.securityAdmin" level=debug msg="IAM: removing serviceAccount:yangyang1837642-dxzpm-w.gserviceaccount.com from role roles/compute.viewer" level=debug msg="IAM: removing serviceAccount:yangyang1837-openshift-i-2lpxp.gserviceaccount.com from role roles/dns.admin" level=debug msg="IAM: removing serviceAccount:yangyang1837-openshift-i-vvq8b.gserviceaccount.com from role roles/iam.serviceAccountUser" level=debug msg="IAM: removing serviceAccount:yangyang1837-openshift-m-tlhrf.gserviceaccount.com from role roles/iam.serviceAccountUser" level=debug msg="IAM: removing serviceAccount:yangyang1837642-dxzpm-m.gserviceaccount.com from role roles/iam.serviceAccountUser" level=debug msg="IAM: removing serviceAccount:yangyang1837-openshift-i-vvq8b.gserviceaccount.com from role roles/storage.admin" level=debug msg="IAM: removing serviceAccount:yangyang1837642-dxzpm-m.gserviceaccount.com from role roles/storage.admin" level=debug msg="IAM: removing serviceAccount:yangyang1837642-dxzpm-w.gserviceaccount.com from role roles/storage.admin" level=debug msg="Setting project IAM policy" level=debug msg="Policy bindings: 1 items pending" level=debug msg="Fetching project IAM policy" level=info msg="Deleted IAM project role bindings" Moving it to verified state as I do not experience the issue recently. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |