Update well-known policy for ebsCSIController #7451
Merged
+2
−26
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hello teraflik 👋 Thank you for opening a Pull Request in eksctl project. The team will review the Pull Request and aim to respond within 1-10 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website
|
Sorry to ping you @cPu1 / @TiberiuGC but do you think this can be moved forward? |
yuxiang-zhang
approved these changes
Jan 17, 2024
There was a problem hiding this comment.
Found the corresponding update: kubernetes-sigs/aws-ebs-csi-driver@b1d476c
|
Thanks @yuxiang-zhang for finding that. Now approval to run the workflow is needed to proceed. |
|
Updated the test case. |
The IAM condition key StringLike was used incorrectly in the policy and it doesn't work with wildcard (*) in the key itself. Wildcard is only supported in the value of the key. This fixes issue in cases where a volume dynamically provisioned via the older in-tree CSI plugin is being deleted by the new EBS CSI driver, because such volumes don't have the tags used in the policy. The changes made are inspired from the AWS managed AmazonEBSCSIDriverPolicy.
|
Missed a comma in json, fixed now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The IAM condition key
StringLikewas used incorrectly in the policy and it doesn't work with wildcard (*) in the key itself. Wildcards are only supported in the value of the key.This fixes an issue in cases where a volume dynamically provisioned via the older in-tree CSI plugin is being deleted by the new EBS CSI driver, because such volumes don't have the tags used in the policy.
The changes made are inspired from the AWS managed
AmazonEBSCSIDriverPolicy.Checklist
README.md, or theuserdocsdirectory)area/nodegroup) and kind (e.g.kind/improvement)