New GCP project setup doesn't give correct kms permissions #31992
Labels
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
sig/testing
Categorizes an issue or PR as relevant to SIG Testing.
#31863 moved the pd csi driver to some new cluster and set of projects, however it was apparently never verified that those projects actually work to run the test.
The cluster service account is missing roles/cloudkms.cryptoKeyEncrypterDecrypter.
I think a change needs to be made to k8s.io/k8s.io/infra/gcp somewhere, but with the partial migration from bash to terraform I'm not sure what to change.
For now I'll revert the change that broke our e2e test; any suggestions on how to correctly set up the cluster service account in the terraform world are welcome!
The text was updated successfully, but these errors were encountered: