Bug 2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)
Summary: GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.go...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.10
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.10.0
Assignee: Joel Speed
QA Contact: sunzhaohua
URL:
Whiteboard:
Depends On: 2021731
Blocks: 2022813
TreeView+ depends on / blocked
 
Reported: 2021-12-13 15:27 UTC by Joel Diaz
Modified: 2022-03-12 04:39 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2021731
Environment:
Last Closed: 2022-03-12 04:39:26 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-api-operator pull 950 0 None open Bug 2031858: stop using beta pre-defined role for compute.targetPools 2021-12-13 15:28:44 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-12 04:39:46 UTC

Comment 1 Joel Diaz 2021-12-13 15:28:16 UTC
cloning the original, and using this BZ to track the work of migrating away from the beta-level IAM Role

Comment 2 sunzhaohua 2021-12-14 04:06:59 UTC
Set up cluster with cluster-bot and verfied on clusterversion 4.10.0-0.ci.test-2021-12-14-021441-ci-ln-rf82wdk-latest

The role is roles/compute.admin.
$ oc edit CredentialsRequest openshift-machine-api-gcp
spec:
  providerSpec:
    apiVersion: cloudcredential.openshift.io/v1
    kind: GCPProviderSpec
    predefinedRoles:
    - roles/compute.admin
    - roles/iam.serviceAccountUser

Comment 4 sunzhaohua 2021-12-15 08:13:51 UTC
Tested before pr merge, move to verified.

Comment 9 errata-xmlrpc 2022-03-12 04:39:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056


Note You need to log in before you can comment on or make changes to this bug.