Bug 1830995 - MasterIamRole requires elasticloadbalancing:ModifyTargetGroupAttributes and couple other Describe rules
Summary: MasterIamRole requires elasticloadbalancing:ModifyTargetGroupAttributes and c...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.5
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: 4.5.0
Assignee: Stephen Cuppett
QA Contact: Yunfei Jiang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-05-04 13:17 UTC by Stephen Cuppett
Modified: 2021-03-09 12:23 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-07-13 17:34:39 UTC
Target Upstream Version:
Embargoed:
scuppett: needinfo-
scuppett: needinfo-


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 3540 0 None closed Bug 1830995: Add ModifyTargetGroupAttributes and Describe* to MasterIamRole 2020-12-08 09:39:30 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:34:57 UTC

Description Stephen Cuppett 2020-05-04 13:17:51 UTC
Description of problem:

As reported by account team working with this change, the following permissions are also observed needed on MasterIamRole when modifying default ingress to be internal:

"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInternetGateways",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:ModifyTargetGroupAttributes",

Version-Release number of the following components:

OpenShift 4.5

How reproducible:

Always

Steps to Reproduce:
1. Install 4.5
2. Attempt to convert ingress to internal
3. Doesn't take.

Actual results:

No internal ingress is rendered.

Expected results:

It should.

Additional info:

Comment 6 errata-xmlrpc 2020-07-13 17:34:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.