Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Got access denied while importing the new image with alpha 9 release #68

Closed
Shilpi-Das1 opened this issue Dec 10, 2020 · 3 comments · Fixed by #71
Closed

Got access denied while importing the new image with alpha 9 release #68

Shilpi-Das1 opened this issue Dec 10, 2020 · 3 comments · Fixed by #71
Assignees
@mkumatag
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Milestone
20.12

Comments

@Shilpi-Das1
Copy link
Contributor

Command used
pvsadm image import -n ocp-cicd-sydney-04 -b shilpibucket1 --object-name rhel-83-121020.ova.gz --image-name rhel-11-test-121020 -r us-south
Output:

I1210 12:21:43.638937   46017 root.go:29] Using an API key from IBMCLOUD_API_KEY environment variable
I1210 12:21:59.254089   46017 import.go:107] shilpibucket1 bucket found in the shilpi-test[ID:crn:v1:bluemix:public:cloud-object-storage:global:a/65b64c1f1c29460e8c2e4bbfbd893c2c:0e06e4d3-a962-4d28-8393-87b99c42acdf::] COS instance
I1210 12:21:59.646406   46017 import.go:114] rhel-83-121020.ova.gz object found in the shilpibucket1 bucket
I1210 12:22:00.092207   46017 import.go:140] Reading the existing service credential: pvsadm-service-cred
2020/12/10 12:22:00 the apiendpoint url for power is syd.power-iaas.cloud.ibm.com
2020/12/10 12:22:00 Calling the New Auth Method in the IBMPower Session Code
2020/12/10 12:22:00 Calling the crn constructor that is to be passed back to the caller  65b64c1f1c29460e8c2e4bbfbd893c2c
2020/12/10 12:22:00 the region is syd and the zone is  syd04
2020/12/10 12:22:00 the crndata is ... crn:v1:bluemix:public:power-iaas:syd04:a/65b64c1f1c29460e8c2e4bbfbd893c2c:6d030c4b-64a3-494d-aeed-8c453dd98903::
Error: [POST /pcloud/v1/cloud-instances/{cloud_instance_id}/images][400] pcloudCloudinstancesImagesPostBadRequest  &{Code:0 Description:bad request: the cloud storage access validation failed: ERROR: Access to bucket 'shilpibucket1' was denied
ERROR: S3 error: 403 (AccessDenied): Access Denied

When ran by providing new service credential its passing
pvsadm image import -n ocp-cicd-sydney-04 -b shilpibucket1 --object-name rhel-83-121020.ova.gz --image-name rhel-181-test-121020 -r us-south --service-credential-name newcred

pvsadm version
I1210 12:39:58.349995 46382 root.go:29] Using an API key from IBMCLOUD_API_KEY environment variable
Version: v0.1-alpha.9, GoVersion: go1.15.5

Expectation: It should pass without passing --service-credential-name newcred
@mkumatag
Copy link
Member

Today I also encountered this issue as well, this happens when

  1. User1 imports the image with service credential Cred1(newly created by User1 auth)
  2. User2 imports the image with service credential Cred1(already existing one from User1 with User1 Auth)

So will have to figure out a way to use a proper credential instead of reusing the existing one

/assign
/priority critical-urgent
/kind bug

@ltccci ltccci added priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. kind/bug Categorizes issue or PR as related to a bug. labels Dec 10, 2020
@mkumatag
Copy link
Member

@bkhadars FYI ^^

@mkumatag mkumatag mentioned this issue Dec 10, 2020
Merged
@mkumatag mkumatag added this to the 20.12 milestone Dec 10, 2020
@mkumatag
Copy link
Member

mkumatag commented Dec 10, 2020
edited

@Shilpi-Das1 you can fetch the binaries under the Artifacts section for pre-release master branch - https://github.com/ppc64le-cloud/pvsadm/actions/runs/413444502

This was referenced Dec 11, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkumatag mkumatag

Labels
kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Projects
None yet
Milestone
20.12
Development

Successfully merging a pull request may close this issue.

Generate the service credential per user mkumatag/pvsadm
3 participants
@mkumatag @ltccci @Shilpi-Das1