Bug 2015133
Summary: | [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Pedro Amoedo <pamoedom> |
Component: | Cloud Credential Operator | Assignee: | Nobody <nobody> |
Status: | CLOSED ERRATA | QA Contact: | wang lin <lwan> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 4.10 | CC: | lwan, mkumatag |
Target Milestone: | --- | ||
Target Release: | 4.10.0 | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-03-12 04:39:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Pedro Amoedo
2021-10-18 13:34:05 UTC
Additional info: This BZ was raised to properly support https://github.com/openshift/cloud-credential-operator/issues/401 Best Regards. Verified using cluster-bot image with the PR merged. 1. create a service id and key 2. using above service id key to run ccoctl create-service-id , without this fix, ccoctl will hit the following error ### $./ccoctl ibmcloud create-service-id --credentials-requests-dir ../credrequests-ibm --name lwan-ibm-svcid --output-dir ibmsecret --resource-group-name ccotest-rg Failed to getResourceGroupID: Failed to list resource groups for the name: ccotest-rg: Can not get resource groups without account id in parameter by service id token ### 3. with the fix, the creation command can succeed. ### $./ccoctl ibmcloud create-service-id --credentials-requests-dir ../credrequests-ibm --name lwan-ibm-svcid-2 --output-dir ibmsecret --resource-group-name ccotest-rg 2021/10/19 11:06:45 Saved credentials configuration to: ibmsecret/manifests/openshift-cloud-controller-manager-ibm-cloud-credentials-credentials.yaml 2021/10/19 11:06:45 Saved credentials configuration to: ibmsecret/manifests/openshift-machine-api-ibmcloud-credentials-credentials.yaml 2021/10/19 11:06:45 Saved credentials configuration to: ibmsecret/manifests/openshift-image-registry-installer-cloud-credentials-credentials.yaml 2021/10/19 11:06:45 Saved credentials configuration to: ibmsecret/manifests/openshift-ingress-operator-cloud-credentials-credentials.yaml ### 4. $ ibmcloud iam service-ids | grep lwan-ibm-svcid-2 ServiceId-04d3605c-9427-4753-96ab-9bdc88d70091 lwan-ibm-svcid-2-openshift-cloud-controller-manager-ibm-cloud-credentials 2021-10-19T03:06+0000 2021-10-19T03:06+0000 false ServiceId-2c609331-7f8b-4266-b85e-e7123894992e lwan-ibm-svcid-2-openshift-image-registry-installer-cloud-credentials 2021-10-19T03:06+0000 2021-10-19T03:06+0000 false ServiceId-5ba74172-f37c-4b21-8036-7e28a015b32d lwan-ibm-svcid-2-openshift-ingress-operator-cloud-credentials 2021-10-19T03:06+0000 2021-10-19T03:06+0000 false ServiceId-4f16c16f-5cb8-48b8-9d97-866dbf38e2df lwan-ibm-svcid-2-openshift-machine-api-ibmcloud-credentials 2021-10-19T03:06+0000 2021-10-19T03:06+0000 false move to VERIFIED manually. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |