search

ppc64le-cloud / pvsadm

Tool for managing the IBM Power Systems Virtual Servers
Apache License 2.0
37 stars 32 forks source link

Unable to import image from newly created bucket - Access denied #77

Closed sudeeshjohn closed 3 years ago

sudeeshjohn commented 3 years ago 
🍎 Friday December 11 2020 08:54:51 AM 🍎
╭─github.com/ocp-power-automation/full-flow                                                                                                          ⍉
╰─▶ ./pvsadm image upload --bucket new-test-bucket-3 -o ./pvsadm-darwin-amd64.tar.gz --resource-group ocp-cicd-resource-group
I1211 08:55:28.280074   65131 root.go:29] Using an API key from IBMCLOUD_API_KEY environment variable
I1211 08:55:40.199134   65131 upload.go:87] bucket new-test-bucket-3 not found in the account provided
Would You Like to use Available COS Instance for creating bucket? [y/n]: n
Would you like to create new COS Instance? [y/n]: y
Provide Name of the cos-instance:my-cos
I1211 08:56:03.446725   65131 upload.go:111] Creating a new cos my-cos instance
I1211 08:56:10.505971   65131 resource.go:116] Resource service Instance Details :{0xc0008d8690 my-cos global 65b64c1f1c29460e8c2e4bbfbd893c2c 744bfc56-d12c-4866-88d5-dac9139e0e5d  8f77c5b8f9344ff39b25352c889ef612  crn:v1:bluemix:public:cloud-object-storage:global:a/65b64c1f1c29460e8c2e4bbfbd893c2c:a32bdd00-297a-40f7-b356-a49bdadac7f9:: [] map[] map[] 0 active service_instance dff97f5c-bc5e-4455-b470-411c3edbe49c  0xc000864a10 0xc0004e4cf0   /v1/resource_instances/crn:v1:bluemix:public:cloud-object-storage:global:a%2F65b64c1f1c29460e8c2e4bbfbd893c2c:a32bdd00-297a-40f7-b356-a49bdadac7f9::/resource_bindings /v1/resource_instances/crn:v1:bluemix:public:cloud-object-storage:global:a%2F65b64c1f1c29460e8c2e4bbfbd893c2c:a32bdd00-297a-40f7-b356-a49bdadac7f9::/resource_aliases  crn:v1:bluemix:public:globalcatalog::::deployment:744bfc56-d12c-4866-88d5-dac9139e0e5d%3Aglobal}
I1211 08:56:11.141201   65131 upload.go:142] Creating a new bucket new-test-bucket-3
I1211 08:56:13.023447   65131 s3client.go:120] Waiting for bucket "new-test-bucket-3" to be created...
I1211 08:56:13.562694   65131 s3client.go:130] uploading the object ./pvsadm-darwin-amd64.tar.gz
I1211 08:56:19.801698   65131 s3client.go:156] Upload completed successfully in 6.238141 seconds to location https://s3.us-south.cloud-object-storage.appdomain.cloud/new-test-bucket-3/pvsadm-darwin-amd64.tar.gz
🍎 Friday December 11 2020 08:56:19 AM 🍎
╭─github.com/ocp-power-automation/full-flow
╰─▶ ./pvsadm image import -n ocp-cicd-tokyo-04  -b new-test-bucket-3  -r us-south --object-name pvsadm-darwin-amd64.tar.gz --image-name pvsadm-darwin
I1211 08:57:03.972799   65234 root.go:29] Using an API key from IBMCLOUD_API_KEY environment variable
I1211 08:57:18.203640   65234 import.go:107] new-test-bucket-3 bucket found in the my-cos[ID:crn:v1:bluemix:public:cloud-object-storage:global:a/65b64c1f1c29460e8c2e4bbfbd893c2c:a32bdd00-297a-40f7-b356-a49bdadac7f9::] COS instance
I1211 08:57:18.729575   65234 import.go:114] pvsadm-darwin-amd64.tar.gz object found in the new-test-bucket-3 bucket
I1211 08:57:19.175791   65234 import.go:140] Reading the existing service credential: pvsadm-service-cred
2020/12/11 08:57:20 the apiendpoint url for power is tok.power-iaas.cloud.ibm.com
2020/12/11 08:57:20 Calling the New Auth Method in the IBMPower Session Code
2020/12/11 08:57:20 Calling the crn constructor that is to be passed back to the caller  65b64c1f1c29460e8c2e4bbfbd893c2c
2020/12/11 08:57:20 the region is tok and the zone is  tok04
2020/12/11 08:57:20 the crndata is ... crn:v1:bluemix:public:power-iaas:tok04:a/65b64c1f1c29460e8c2e4bbfbd893c2c:e4bb3d9d-a37c-4b1f-a923-4537c0c8beb3::
Error: [POST /pcloud/v1/cloud-instances/{cloud_instance_id}/images][400] pcloudCloudinstancesImagesPostBadRequest  &{Code:0 Description:bad request: the cloud storage access validation failed: ERROR: Access to bucket 'new-test-bucket-3' was denied
ERROR: S3 error: 403 (AccessDenied): Access Denied
 Error:bad request Message:}
Usage:
  pvsadm image import [flags]

Flags:
      --accesskey string                 Cloud Storage access key
  -b, --bucket string                    Cloud Storage bucket name
  -h, --help                             help for import
      --image-name string                Name to give imported image
  -i, --instance-id string               Instance ID of the PowerVS instance
  -n, --instance-name string             Instance name of the PowerVS
  -o, --object-name string               Cloud Storage image filename
      --ostype string                    Image OS Type, accepted values are[aix, ibmi, redhat, sles] (default "redhat")
  -r, --region string                    COS bucket location
      --secretkey string                 Cloud Storage secret key
      --service-credential-name string   Service Credential name to be auto generated (default "pvsadm-service-cred")
      --storagetype string               Storage type, accepted values are [tier1, tier3] (default "tier3")

Global Flags:
      --add_dir_header                   If true, adds the file directory to the header of the log messages
      --alsologtostderr                  log to standard error as well as files
  -k, --api-key string                   IBMCLOUD API Key(env name: IBMCLOUD_API_KEY)
      --audit-file string                Audit logs for the tool (default "pvsadm.log")
      --debug                            Enable PowerVS debug option(ATTENTION: dev only option, may print sensitive data from APIs)
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory
      --log_file string                  If non-empty, use this log file
      --log_file_max_size uint           Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
      --skip_headers                     If true, avoid header prefixes in the log messages
      --skip_log_headers                 If true, avoid headers when opening log files
      --stderrthreshold severity         logs at or above this threshold go to stderr (default 2)
  -v, --v Level                          number for the log level verbosity
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

E1211 08:57:23.544376   65234 root.go:68] [POST /pcloud/v1/cloud-instances/{cloud_instance_id}/images][400] pcloudCloudinstancesImagesPostBadRequest  &{Code:0 Description:bad request: the cloud storage access validation failed: ERROR: Access to bucket 'new-test-bucket-3' was denied
ERROR: S3 error: 403 (AccessDenied): Access Denied
 Error:bad request Message:}
🍎 Friday December 11 2020 08:57:23 AM 🍎
╭─github.com/ocp-power-automation/full-flow                                                                                                          ⍉
╰─▶
mkumatag commented 3 years ago

seems like dup of https://github.com/ppc64le-cloud/pvsadm/issues/68, got resolved recently,

sudeeshjohn commented 3 years ago

the new binary mentioned here https://github.com/ppc64le-cloud/pvsadm/issues/68#issuecomment-742634523 worked !

mkumatag commented 3 years ago

the new binary mentioned here #68 (comment) worked !

cool /close

ltccci commented 3 years ago

@mkumatag: Closing this issue.

In response to [this](https://github.com/ppc64le-cloud/pvsadm/issues/77#issuecomment-742957582): >> the new binary mentioned here [#68 (comment)](https://github.com/ppc64le-cloud/pvsadm/issues/68#issuecomment-742634523) worked ! > >cool >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.