Joel is this clone still valid? Both it and the original target 4.4.
We're using the parent of this BZ (1750338) to track the changes to add region info into the permissions simulations, so perhaps this can be used for the non-master PR that will be coming shortly. Scott, WDYT?
SGTM, shuffled papers.
Verified this bug with 4.3.3-x86_64, and passed. Create IAM policy like the following: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" }, { "Effect": "Deny", "Action": [ "ec2:Create*", "ec2:Run*", "eks:Create*", "rds:Create*", "es:Create*", "lambda:Create*" ], "Resource": [ "*" ], "Condition": { "StringNotEquals": { "aws:RequestedRegion": "us-east-2" } } } ] } Create a aws ueser attach it to the user, run the following testing using this user. [root@preserve-jialiu-ansible ~]# cp ipi_template/install-config.yaml.aws demo6/install-config.yaml [root@preserve-jialiu-ansible ~]# openshift-install create ignition-configs --dir demo6 INFO Consuming Install Config from target directory WARNING Action not allowed with tested creds action="ec2:CreateNetworkInterface" WARNING Action not allowed with tested creds action="ec2:CreateSecurityGroup" WARNING Action not allowed with tested creds action="ec2:CreateTags" WARNING Action not allowed with tested creds action="ec2:CreateVolume" WARNING Action not allowed with tested creds action="ec2:RunInstances" WARNING Action not allowed with tested creds action="ec2:CreateDhcpOptions" WARNING Action not allowed with tested creds action="ec2:CreateInternetGateway" WARNING Action not allowed with tested creds action="ec2:CreateNatGateway" WARNING Action not allowed with tested creds action="ec2:CreateRoute" WARNING Action not allowed with tested creds action="ec2:CreateRouteTable" WARNING Action not allowed with tested creds action="ec2:CreateSubnet" WARNING Action not allowed with tested creds action="ec2:CreateVpc" WARNING Action not allowed with tested creds action="ec2:CreateVpcEndpoint" WARNING Tested creds not able to perform all requested actions FATAL failed to fetch Bootstrap Ignition Config: failed to fetch dependency of "Bootstrap Ignition Config": failed to fetch dependency of "Master Machines": failed to generate asset "Platform Credentials Check": validate AWS credentials: current credentials insufficient for performing cluster installation [root@preserve-jialiu-ansible ~]# rm -rf demo6 [root@preserve-jialiu-ansible ~]# mkdir demo6 [root@preserve-jialiu-ansible ~]# cp ipi_template/install-config.yaml.aws demo6/install-config.yaml [root@preserve-jialiu-ansible ~]# openshift-install version openshift-install 4.3.3 built from commit c7325a3c6045c7f4c8f1ac98d037ffca919be05a release image quay.io/openshift-release-dev/ocp-release@sha256:9b8708b67dd9b7720cb7ab3ed6d12c394f689cc8927df0e727c76809ab383f44 [root@preserve-jialiu-ansible ~]# openshift-install create ignition-configs --dir demo6 INFO Consuming Install Config from target directory [root@preserve-jialiu-ansible ~]# openshift-install create cluster --dir demo6 INFO Consuming Worker Ignition Config from target directory INFO Consuming Master Ignition Config from target directory INFO Consuming Bootstrap Ignition Config from target directory INFO Creating infrastructure resources... INFO Waiting up to 30m0s for the Kubernetes API at https://api.jialiu.qe.devcluster.openshift.com:6443... INFO API v1.16.2 up INFO Waiting up to 30m0s for bootstrapping to complete... INFO Destroying the bootstrap resources... INFO Waiting up to 30m0s for the cluster at https://api.jialiu.qe.devcluster.openshift.com:6443 to initialize...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0528
*** Bug 1815331 has been marked as a duplicate of this bug. ***