In GCP, if you use a service account with no service principal (I have one created in the installer gce account called padillon-bad-sa-test) and try to run the survey you will get a confusing error message: # ./openshift-install create install-config ? Platform gcp ? Service Account (absolute path to file or JSON content) [Enter 2 empty lines to finish]/root/badCreds.json ? Service Account (absolute path to file or JSON content) /root/badCreds.json INFO Saving the credentials to "/root/.gcp/osServiceAccount.json" FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": please provide options to select from We need to improve this error message.
>Create a service-account and a key for the testing: $ gcloud iam service-accounts create jiwei-bug2103236 --display-name="jiwei-bug2103236" Created service account [jiwei-bug2103236]. $ gcloud iam service-accounts keys create service-account-key.json --iam-account=jiwei-bug2103236.gserviceaccount.com created key [370e3145237bebe8c5211092cb2f0df2246ff24e] of type [json] as [service-account-key.json] for [jiwei-bug2103236.gserviceaccount.com] $ gcloud projects get-iam-policy openshift-qe --flatten="bindings[].members" --format="table(bindings.role)" --filter="bindings.members:jiwei-bug2103236.gserviceaccount.com" $ >Re-created the issue with older version: [cloud-user@jiwei-0712-03-rhel8-mirror ~]$ ./openshift-install version ./openshift-install 4.11.0-0.nightly-2022-07-06-062815 built from commit b2e7be726e400022e71ef3b8bd01a2093e53bc5a release image registry.ci.openshift.org/ocp/release@sha256:4ae13c0e064cf59caa9869107e1c0a6a99820796937213938b01eca3966ac57a release architecture amd64 [cloud-user@jiwei-0712-03-rhel8-mirror ~]$ ./openshift-install create install-config ? Platform gcp INFO Credentials loaded from file "/home/cloud-user/.gcp/osServiceAccount.json" FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": please provide options to select from [cloud-user@jiwei-0712-03-rhel8-mirror ~]$ >Verified the issue with 4.12.0-0.nightly-2022-07-11-054352: [cloud-user@jiwei-0712-03-rhel8-mirror ~]$ ./openshift-install version ./openshift-install 4.12.0-0.nightly-2022-07-11-054352 built from commit 8879e19b4cb0256686a573f842363186f30f0ed7 release image registry.ci.openshift.org/ocp/release@sha256:e7f48276819b351a005ae69882ddcebf21c35abec633cf935f5a4a245a8c2161 release architecture amd64 [cloud-user@jiwei-0712-03-rhel8-mirror ~]$ ./openshift-install create install-config ? Platform gcp INFO Credentials loaded from file "/home/cloud-user/.gcp/osServiceAccount.json" FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": failed to get projects for the given service principal, please check your permissions [cloud-user@jiwei-0712-03-rhel8-mirror ~]$
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399