Bug 1826414 - Missing user-understandable error message with GOOGLE_CREDENTIALS (Project ID) being set to invalid value
Summary: Missing user-understandable error message with GOOGLE_CREDENTIALS (Project ID...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.5
Hardware: All
OS: All
unspecified
low
Target Milestone: ---
: 4.5.0
Assignee: Aditya Narayanaswamy
QA Contact: Yang Yang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-21 15:53 UTC by Aditya Narayanaswamy
Modified: 2020-07-13 17:29 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: GCP project ID validation occurs only when the base domain information is collected. Consequence: Since it happens during base domain phase, the error message that shows up is that the system failed to collect the base domains when in reality an invalid project id was given. Fix: Changed the input type to select after fetching all the project IDs from GCP account. Result: There will not be a mistake in the select input and hence the error is avoided.
Clone Of:
Environment:
Last Closed: 2020-07-13 17:29:42 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 3484 0 None closed Bug 1826414: Added validation for GCP Project ID access 2021-01-16 15:23:10 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:29:56 UTC

Description Aditya Narayanaswamy 2020-04-21 15:53:00 UTC
Description of problem:
When the user types in a project ID to which they don't have access to, pulling the Base domains returns an error message which is not relevant to the invalid project ID received. 

How reproducible:
Frequent

Steps to Reproduce:
1.Run ./openshift-install create install-config --dir=test.
2.Enter any ssh and enter platform as GCP.
3.Enter an invalid project ID.
4.Enter any region.

Actual results:
FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to generate asset "Base Domain": could not retrieve base domains: googleapi: Error 403: Cloud DNS API has not been used in project 1089730119634 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/dns.googleapis.com/overview?project=1089730119634 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured 


Expected results:
A way to stop user from giving an invalid project ID.

Comment 3 Yang Yang 2020-04-23 02:52:34 UTC
Reproduce it as below:

# openshift-install create install-config --dir=bz
? SSH Public Key  [Use arrows to move, enter to select, type to filter, ? for mo? SSH Public Key  [Use arrows to move, enter to select, type to filter, ? for mo? SSH Public Key /root/.ssh/id_rsa.pub
? Platform  [Use arrows to move, enter to select, type to filter, ? for more hel? Platform  [Use arrows to move, enter to select, type to filter, ? for more hel? Platform  [Use arrows to move, enter to select, type to filter, ? for more hel? Platform gcp
INFO Credentials loaded from file "/root/.gcp/osServiceAccount.json" 
? Project ID yy
? Region us-central1
FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to generate asset "Base Domain": could not retrieve base domains: googleapi: Error 403: Cloud DNS API has not been used in project 848445115521 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/dns.googleapis.com/overview?project=848445115521 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured 

Verify it as below with 4.5.0-0.nightly-2020-04-23-011740:

1. Create install-config with interactive mode
# openshift-install create install-config --dir=bz
? SSH Public Key  [Use arrows to move, enter to select, type to filter, ? for mo? SSH Public Key  [Use arrows to move, enter to select, type to filter, ? for mo? SSH Public Key /root/.ssh/id_rsa.pub
? Platform  [Use arrows to move, enter to select, type to filter, ? for more hel? Platform  [Use arrows to move, enter to select, type to filter, ? for more hel? Platform  [Use arrows to move, enter to select, type to filter, ? for more hel? Platform gcp
INFO Credentials loaded from file "/root/.gcp/osServiceAccount.json" 
? Project ID  [Use arrows to move, enter to select, type to filter, ? for more h
? Project ID y  [Use arrows to move, enter to select, type to filter, ? for more
? Project ID yy  [Use arrows to move, enter to select, type to filter, ? for mor
? Project ID yy   [Use arrows to move, enter to select, type to filter, ? for mo
? Project ID OpenShift QE (openshift-qe)  <--- Only picking up the list of projects is allowed, user input is not allowed 
? Region us-central1
? Base Domain  [Use arrows to move, enter to select, type to filter, ? for more ? Base Domain qe.gcp.devcluster.openshift.com
? Cluster Name yy

2. Create manifest with invalid project filled in install-config.yaml

# openshift-install create manifests --dir=bz
INFO Credentials loaded from file "/root/.gcp/osServiceAccount.json" 
FATAL failed to fetch Master Machines: failed to load asset "Install Config": platform.gcp.project: Invalid value: "yy": invalid project ID 

The test results are as expected hence move it to verified state.

Comment 4 errata-xmlrpc 2020-07-13 17:29:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.