HOSTEDCP-1402: cmd/infra/aws/destroy: allow using component credentials #3975

Open
wants to merge 3 commits into
base: main


stevekuznetsov
Contributor

cmd/infra/aws/iam: refactor static data

The policies in this file are statically associated with the service
account names and the user agents, and these associations are stable.
This refactor exposes the association to a) enforce the connections and
b) allow other consumers to understand it.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>


cmd/infra/aws: generate a delegating AWS client

When we run a cleanup task using the myriad credentials that cluster
components have, we need to delegate each call to an AWS service API to
the correct credential that has permissions to use it. We can generate
the delegating client directly from our policy documents to allow us to
keep consumer code from having to know that there are many different
clients operating under the hood in this mode.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>


cmd/infra/aws/destroy: allow using component credentials

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
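
The delegation idea in the second commit message, as an added sketch that is not code from this pull request: per-component policy documents are inverted into an action-to-credential index, and a lookup fails closed when an action has no single owner. The component names, sample policies and the `BuildIndex`/`Delegate` functions are hypothetical, and the sketch assumes `Action` is a list of exact action names with no wildcards.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: hypothetical component names; Action is assumed to be a list of exact names.
var samplePolicies = map[string]string{
	"component-a": `{"Statement":[{"Effect":"Allow","Action":["ec2:DeleteVolume","ec2:DescribeVolumes"]}]}`,
	"component-b": `{"Statement":[{"Effect":"Allow","Action":["elasticloadbalancing:DeleteLoadBalancer","ec2:DescribeVolumes"]}]}`,
}

type policy struct{ Statement []struct{ Effect string; Action []string } }

// BuildIndex maps each allowed action to its sole owning component; actions granted to several are returned in shared.
func BuildIndex(docs map[string]string) (map[string]string, map[string]bool, error) {
	index, shared := map[string]string{}, map[string]bool{}
	for component, doc := range docs {
		var p policy
		if err := json.Unmarshal([]byte(doc), &p); err != nil {
			return nil, nil, fmt.Errorf("policy for %s: %w", component, err)
		}
		for _, s := range p.Statement {
			if s.Effect != "Allow" {
				continue
			}
			for _, a := range s.Action {
				if owner, seen := index[a]; seen && owner != component {
					shared[a] = true
				}
				index[a] = component
			}
		}
	}
	for a := range shared {
		delete(index, a)
	}
	return index, shared, nil
}

// Delegate picks the credential for one API call and fails closed when no single component owns it.
func Delegate(index map[string]string, action string) (string, error) {
	if c, ok := index[action]; ok {
		return c, nil
	}
	return "", fmt.Errorf("no single component credential grants %q", action)
}

func main() { fmt.Println(BuildIndex(samplePolicies)) }
```

Reporting shared actions separately keeps the choice of credential for an overlapping permission explicit instead of depending on map iteration order.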


@openshift-ci-robot

openshift-ci-robot commented May 2, 2024

@stevekuznetsov: This pull request references HOSTEDCP-1402 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.


@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 2, 2024
@openshift-ci openshift-ci bot requested review from enxebre and hasueki May 2, 2024 17:30
@openshift-ci openshift-ci bot added area/cli Indicates the PR includes changes for CLI and removed do-not-merge/needs-area labels May 2, 2024
@stevekuznetsov
Contributor Author

Lots of failures on

    util.go:1402: Metric not found: "hypershift_cluster_silence_alerts"

/retest

@stevekuznetsov
Contributor Author

/retest

Contributor

@csrwng csrwng left a comment


Some comments

cmd/infra/aws/iam_policies.go (outdated, resolved)
cmd/infra/aws/iam_policies.go (outdated, resolved)
cmd/infra/aws/iam_policies.go (resolved)

netlify bot commented May 10, 2024

Deploy Preview for hypershift-docs ready!

Name Link
🔨 Latest commit 5461016
🔍 Latest deploy log https://app.netlify.com/sites/hypershift-docs/deploys/665620cacd7ae7000872ca51
😎 Deploy Preview https://deploy-preview-3975--hypershift-docs.netlify.app

@csrwng
Contributor

csrwng commented May 10, 2024

/approve

Contributor

openshift-ci bot commented May 10, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csrwng, stevekuznetsov


@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 10, 2024
@stevekuznetsov
Contributor Author

Verify just needed make fmt

@enxebre
Member

enxebre commented May 15, 2024

/lgtm
/retest

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 15, 2024
@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 97d244b and 2 for PR HEAD 8576bcd in total

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 82db100 and 1 for PR HEAD 8576bcd in total

@stevekuznetsov
Contributor Author

/retest

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 8f0d792 and 0 for PR HEAD 8576bcd in total

@openshift-ci-robot

/hold

Revision 8576bcd was retested 3 times: holding

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 16, 2024
@stevekuznetsov
Contributor Author

/hold cancel
/retest
/jira refresh

@openshift-ci-robot

openshift-ci-robot commented May 20, 2024

@stevekuznetsov: This pull request references HOSTEDCP-1402 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.


@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 20, 2024
@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD c698d1d and 2 for PR HEAD 8576bcd in total

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD c5401ca and 1 for PR HEAD 8576bcd in total

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD f91af53 and 0 for PR HEAD 8576bcd in total

@openshift-ci-robot

/hold

Revision 8576bcd was retested 3 times: holding

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 21, 2024
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label May 28, 2024
@enxebre
Member

enxebre commented May 29, 2024

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 29, 2024
@stevekuznetsov
Contributor Author

/retest

@stevekuznetsov
Contributor Author

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 29, 2024
@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD d5b642b and 2 for PR HEAD 5461016 in total

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 6ccf12b and 1 for PR HEAD 5461016 in total

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD 99ca57b and 0 for PR HEAD 5461016 in total

Contributor

openshift-ci bot commented May 30, 2024

@stevekuznetsov: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name                        Commit    Details  Required  Rerun command
ci/prow/e2e-aws                  5461016   link     true      /test e2e-aws
ci/prow/e2e-kubevirt-azure-ovn   5461016   link     false     /test e2e-kubevirt-azure-ovn
ci/prow/e2e-azure                5461016   link     false     /test e2e-azure


@openshift-ci-robot

/hold

Revision 5461016 was retested 3 times: holding

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 30, 2024