Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug 2019219] IBMCloud: Add RG IAM permissions #147

Merged
merged 1 commit into from Nov 19, 2021
Merged

[Bug 2019219] IBMCloud: Add RG IAM permissions #147

merged 1 commit into from Nov 19, 2021

Conversation

cjschaef
Copy link
Member

Add IAM permissions for ResourceGroups to the IBM Cloud
CredentialsRequests, due to changes in requirements for the IBM
Cloud CCM.

Partial: https://bugzilla.redhat.com/show_bug.cgi?id=2019219

@cjschaef
[Bug 2019219] IBMCloud: Add RG IAM permissions
ae8a9b6 
Add IAM permissions for ResourceGroups to the IBM Cloud
CredentialsRequests, due to changes in requirements for the IBM
Cloud CCM.

Partial: https://bugzilla.redhat.com/show_bug.cgi?id=2019219
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 11, 2021

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 11, 2021
@cjschaef
Copy link
Member Author

Waiting for additional bug to be fixed in IBM CCM for confirmation this additional permission is sufficient in resolving the issue.
Currently, it appears requests for RG are made, but due to bug, cannot confirm they are entirely successful

I1111 00:09:09.691072       1 ibm_vpc_loadbalancer.go:115] GetLoadBalancer(kube-ipi-dev-test-65-l5q2q-23840c6c5e074d0ba926c7165d9321fa, kubernetes)
I1111 00:09:09.691145       1 event.go:285] Event(v1.ObjectReference{Kind:"Service", Namespace:"openshift-ingress", Name:"router-default", UID:"23840c6c-5e07-4d0b-a926-c7165d9321fa", APIVersion:"v1", ResourceVersion:"13821", FieldPath:""}): type: 'Warning' reason: 'UpdatingCloudLoadBalancerFailed' Error on cloud load balancer kube-ipi-dev-test-65-l5q2q-23840c6c5e074d0ba926c7165d9321fa for service openshift-ingress/router-default with UID 23840c6c-5e07-4d0b-a926-c7165d9321fa: Failed updating LoadBalancer: GetCloudProviderVpc failed: Failed to ListResourceGroups: Can not get resource groups without account id in parameter by service id token
I1111 00:09:10.313205       1 ibm_vpc_loadbalancer.go:138] [00:09:09.7054] Entering StatusLoadBalancer(kube-ipi-dev-test-65-l5q2q-23840c6c5e074d0ba926c7165d9321fa)
I1111 00:09:10.313231       1 ibm_vpc_loadbalancer.go:138] [00:09:10.3118] Response (400): map[errors:[map[code:MISSING_ACCOUNT_ID message:Can not get resource groups without account id in parameter by service id token more_info:n/a]] trace:99884940539]
E1111 00:09:10.313238       1 ibm_vpc_loadbalancer.go:133] GetCloudProviderVpc failed: Failed to ListResourceGroups: Can not get resource groups without account id in parameter by service id token
E1111 00:09:10.313306       1 controller.go:813] failed to check if load balancer exists for service openshift-ingress/router-default: Error on cloud load balancer kube-ipi-dev-test-65-l5q2q-23840c6c5e074d0ba926c7165d9321fa for service openshift-ingress/router-default with UID 23840c6c-5e07-4d0b-a926-c7165d9321fa: Failed getting LoadBalancer: GetCloudProviderVpc failed: Failed to ListResourceGroups: Can not get resource groups without account id in parameter by service id token
E1111 00:09:10.313348       1 controller.go:754] failed to update load balancer hosts for service openshift-ingress/router-default: Error on cloud load balancer kube-ipi-dev-test-65-l5q2q-23840c6c5e074d0ba926c7165d9321fa for service openshift-ingress/router-default with UID 23840c6c-5e07-4d0b-a926-c7165d9321fa: Failed updating LoadBalancer: GetCloudProviderVpc failed: Failed to ListResourceGroups: Can not get resource groups without account id in parameter by service id token
I1111 00:09:10.313386       1 event.go:285] Event(v1.ObjectReference{Kind:"Service", Namespace:"openshift-ingress", Name:"router-default", UID:"23840c6c-5e07-4d0b-a926-c7165d9321fa", APIVersion:"v1", ResourceVersion:"13821", FieldPath:""}): type: 'Warning' reason: 'GettingCloudLoadBalancerFailed' Error on cloud load balancer kube-ipi-dev-test-65-l5q2q-23840c6c5e074d0ba926c7165d9321fa for service openshift-ingress/router-default with UID 23840c6c-5e07-4d0b-a926-c7165d9321fa: Failed getting LoadBalancer: GetCloudProviderVpc failed: Failed to ListResourceGroups: Can not get resource groups without account id in parameter by service id token
I1111 00:09:10.313418       1 event.go:294] "Event occurred" object="openshift-ingress/router-default" kind="Service" apiVersion="v1" type="Warning" reason="UpdateLoadBalancerFailed" message="Error updating load balancer with new hosts map[ipi-dev-test-65-l5q2q-master-0:{} ipi-dev-test-65-l5q2q-master-1:{} ipi-dev-test-65-l5q2q-master-2:{} ipi-dev-test-65-l5q2q-worker-1-2249t:{} ipi-dev-test-65-l5q2q-worker-2-fsmnt:{} ipi-dev-test-65-l5q2q-worker-3-4c4bx:{}]: Error on cloud load balancer kube-ipi-dev-test-65-l5q2q-23840c6c5e074d0ba926c7165d9321fa for service openshift-ingress/router-default with UID 23840c6c-5e07-4d0b-a926-c7165d9321fa: Failed updating LoadBalancer: GetCloudProviderVpc failed: Failed to ListResourceGroups: Can not get resource groups without account id in parameter by service id token"

@cjschaef
Copy link
Member Author

IBM CCM changes have been pulled in, and was able to confirm the error currently seen during IPI deploy on IBM Cloud, with current CredentialsRequest

I1118 16:15:07.691626       1 ibm_vpc_loadbalancer.go:421] Processing line: ERROR: GetCloudProviderVpc failed: 0 resource groups match name: ipi-dev-test-66-lrmht
E1118 16:15:07.691632       1 ibm_vpc_loadbalancer.go:518] ERROR: GetCloudProviderVpc failed: 0 resource groups match name: ipi-dev-test-66-lrmht
I1118 16:15:07.691635       1 ibm_vpc_loadbalancer.go:421] Processing line: 
I1118 16:15:07.691637       1 ibm_vpc_loadbalancer.go:421] Processing line: 
I1118 16:15:08.680968       1 ibm_vpc_loadbalancer.go:289] [16:15:06.4564] Entering UpdateLoadBalancer(kube-ipi-dev-test-66-lrmht-6a8bed10200b45baa87dddec5b901f17, openshift-ingress/router-default)
E1118 16:15:08.680987       1 ibm_vpc_loadbalancer.go:284] GetCloudProviderVpc failed: 0 resource groups match name: ipi-dev-test-66-lrmht
I1118 16:15:08.681047       1 ibm_vpc_loadbalancer.go:115] GetLoadBalancer(kube-ipi-dev-test-66-lrmht-6a8bed10200b45baa87dddec5b901f17, kubernetes)
I1118 16:15:08.681124       1 event.go:285] Event(v1.ObjectReference{Kind:"Service", Namespace:"openshift-ingress", Name:"router-default", UID:"6a8bed10-200b-45ba-a87d-ddec5b901f17", APIVersion:"v1", ResourceVersion:"15594", FieldPath:""}): type: 'Warning' reason: 'UpdatingCloudLoadBalancerFailed' Error on cloud load balancer kube-ipi-dev-test-66-lrmht-6a8bed10200b45baa87dddec5b901f17 for service openshift-ingress/router-default with UID 6a8bed10-200b-45ba-a87d-ddec5b901f17: Failed updating LoadBalancer: GetCloudProviderVpc failed: 0 resource groups match name: ipi-dev-test-66-lrmht
I1118 16:15:09.951926       1 ibm_vpc_loadbalancer.go:138] [16:15:08.6944] Entering StatusLoadBalancer(kube-ipi-dev-test-66-lrmht-6a8bed10200b45baa87dddec5b901f17)
E1118 16:15:09.951955       1 ibm_vpc_loadbalancer.go:133] GetCloudProviderVpc failed: 0 resource groups match name: ipi-dev-test-66-lrmht
E1118 16:15:09.952005       1 controller.go:824] failed to check if load balancer exists for service openshift-ingress/router-default: Error on cloud load balancer kube-ipi-dev-test-66-lrmht-6a8bed10200b45baa87dddec5b901f17 for service openshift-ingress/router-default with UID 6a8bed10-200b-45ba-a87d-ddec5b901f17: Failed getting LoadBalancer: GetCloudProviderVpc failed: 0 resource groups match name: ipi-dev-test-66-lrmht
E1118 16:15:09.952064       1 controller.go:765] failed to update load balancer hosts for service openshift-ingress/router-default: Error on cloud load balancer kube-ipi-dev-test-66-lrmht-6a8bed10200b45baa87dddec5b901f17 for service openshift-ingress/router-default with UID 6a8bed10-200b-45ba-a87d-ddec5b901f17: Failed updating LoadBalancer: GetCloudProviderVpc failed: 0 resource groups match name: ipi-dev-test-66-lrmht
I1118 16:15:09.952058       1 event.go:285] Event(v1.ObjectReference{Kind:"Service", Namespace:"openshift-ingress", Name:"router-default", UID:"6a8bed10-200b-45ba-a87d-ddec5b901f17", APIVersion:"v1", ResourceVersion:"15594", FieldPath:""}): type: 'Warning' reason: 'GettingCloudLoadBalancerFailed' Error on cloud load balancer kube-ipi-dev-test-66-lrmht-6a8bed10200b45baa87dddec5b901f17 for service openshift-ingress/router-default with UID 6a8bed10-200b-45ba-a87d-ddec5b901f17: Failed getting LoadBalancer: GetCloudProviderVpc failed: 0 resource groups match name: ipi-dev-test-66-lrmht

A test using the changes from this PR allowed for a successful IPI deployment.

Opening this PR up for review now.

@cjschaef cjschaef marked this pull request as ready for review November 18, 2021 18:53
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 18, 2021
elmiko
elmiko reviewed Nov 18, 2021
View reviewed changes
Copy link
Contributor

@elmiko elmiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@openshift-ci openshift-ci bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Nov 18, 2021
@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

rtheis
rtheis approved these changes Nov 18, 2021
View reviewed changes
Copy link
Contributor

@rtheis rtheis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 18, 2021

@rtheis: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 18, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: elmiko, hasueki, rtheis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

6 similar comments
@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 19, 2021
edited

@cjschaef: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-vsphere-ccm ae8a9b6 link false /test e2e-vsphere-ccm
ci/prow/e2e-gcp-ccm ae8a9b6 link false /test e2e-gcp-ccm
ci/prow/e2e-gcp-ccm-install ae8a9b6 link false /test e2e-gcp-ccm-install
ci/prow/e2e-vsphere-ccm-install ae8a9b6 link false /test e2e-vsphere-ccm-install
ci/prow/e2e-azure ae8a9b6 link false /test e2e-azure
ci/prow/e2e-azure-upgrade ae8a9b6 link false /test e2e-azure-upgrade
ci/prow/e2e-openstack-ccm ae8a9b6 link false /test e2e-openstack-ccm
ci/prow/e2e-azure-ccm-install ae8a9b6 link false /test e2e-azure-ccm-install
ci/prow/e2e-azure-ccm ae8a9b6 link false /test e2e-azure-ccm

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

3 similar comments
@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit 7a81d39 into openshift:master Nov 19, 2021
@cjschaef cjschaef deleted the bz_2019219 branch September 7, 2022 03:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elmiko elmiko elmiko left review comments

@rtheis rtheis rtheis approved these changes

@hasueki hasueki hasueki approved these changes

@alexander-demicev alexander-demicev Awaiting requested review from alexander-demicev

@lobziik lobziik Awaiting requested review from lobziik

Assignees

@elmiko elmiko

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@cjschaef @openshift-bot @elmiko @rtheis @hasueki @openshift-merge-robot