-
Notifications
You must be signed in to change notification settings - Fork 296
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HOSTEDCP-1402: cmd/infra/aws/destroy: allow using component credentials #3975
base: main
Are you sure you want to change the base?
HOSTEDCP-1402: cmd/infra/aws/destroy: allow using component credentials #3975
Conversation
@stevekuznetsov: This pull request references HOSTEDCP-1402 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Lots of failures on
/retest |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some comments
0ca019c
to
b4ac15f
Compare
✅ Deploy Preview for hypershift-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: csrwng, stevekuznetsov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
b4ac15f
to
8576bcd
Compare
Verify just needed |
/lgtm |
/retest |
/hold Revision 8576bcd was retested 3 times: holding |
/hold cancel |
@stevekuznetsov: This pull request references HOSTEDCP-1402 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/hold Revision 8576bcd was retested 3 times: holding |
The policies in this file are statically associated with the service account names and the user agents, and these associations are stable. This refactor exposes the association to a) enforce the connections and b) allow other consumers to understand it. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
When we run a cleanup task using the myriad credentials that cluster components have, we need to delegate each call to an AWS service API to the correct credential that has permissions to use it. We can generate the delegating client directly from our policy documents to allow us to keep consumer code from having to know that there are many different clients operating under the hood in this mode. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
8576bcd
to
5461016
Compare
/lgtm |
/retest |
/hold cancel |
@stevekuznetsov: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
/hold Revision 5461016 was retested 3 times: holding |
cmd/infra/aws/iam: refactor static data
The policies in this file are statically associated with the service
account names and the user agents, and these associations are stable.
This refactor exposes the association to a) enforce the connections and
b) allow other consumers to understand it.
Signed-off-by: Steve Kuznetsov skuznets@redhat.com
cmd/infra/aws: generate a delegating AWS client
When we run a cleanup task using the myriad credentials that cluster
components have, we need to delegate each call to an AWS service API to
the correct credential that has permissions to use it. We can generate
the delegating client directly from our policy documents to allow us to
keep consumer code from having to know that there are many different
clients operating under the hood in this mode.
Signed-off-by: Steve Kuznetsov skuznets@redhat.com
cmd/infra/aws/destroy: allow using component credentials
Signed-off-by: Steve Kuznetsov skuznets@redhat.com