Skip to content

ISSUE-2337 IAM service linked role support #134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

ISSUE-2337 IAM service linked role support #134

wants to merge 2 commits into from
+2,381 −30

Conversation

sga80
Copy link

@sga80 sga80 commented May 3, 2025
edited
Loading

Issue #2337, if available:

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Tested this E2E . The test TestServiceLinkedRole passed , however 2 other unrelated tests failed, probably because of my setup.
Screenshot 2025-05-03 at 7 26 59 AM

@ack-prow ack-prow bot requested review from jlbutler and michaelhtm May 3, 2025 14:29
@ack-prow ACK Prow
Copy link

ack-prow bot commented May 3, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sga80
Once this PR has been reviewed and has the lgtm label, please assign knottnt for approval by writing /assign @knottnt in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ack-prow ack-prow bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 3, 2025
@ack-prow ACK Prow
Copy link

ack-prow bot commented May 3, 2025

Hi @sga80. Thanks for your PR.

I'm waiting for a aws-controllers-k8s member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@sga80 sga80 mentioned this pull request May 3, 2025
Open
michaelhtm
michaelhtm reviewed May 5, 2025
View reviewed changes
Copy link
Member

@michaelhtm michaelhtm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @sga80!!
left a few inline comments.
/ok-to-test

config/controller/kustomization.yaml
@@ -6,4 +6,4 @@ kind: Kustomization
images:
- name: controller
newName: public.ecr.aws/aws-controllers-k8s/iam-controller
newTag: 1.3.20
newTag: 0.0.0-non-release-version
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you pull the latest tags?

apis/v1alpha1/ack-generate-metadata.yaml
go_version: go1.24.2
version: v0.45.0
api_directory_checksum: 7e1c19231d3275a1147157f6943a7391953f7001
version: v0.44.0-3-g0909e7f
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we made a new release for code-generator with v0.45.0.

apis/v1alpha1/generator.yaml
Comment on lines +348 to +349
find_operation:
custom_method_name: customGetServiceLinkedRole
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we do this instead? https://github.com/aws-controllers-k8s/ec2-controller/blob/cfbaec9206c64a720c4b2ce89d691b8c30715995/generator.yaml#L287-L291

We can use GetRole as operation and READ_ONE as operation_type

apis/v1alpha1/generator.yaml
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we mark all fields as immutable? except Description

templates/hooks/service_linked_role/sdk_create_post_set_output.go.tpl
@@ -0,0 +1 @@
ackcondition.SetSynced(&resource{ko}, corev1.ConditionFalse, nil, nil)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a reason for this?

@ack-prow ack-prow bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 5, 2025
@ack-prow ACK Prow
Copy link

ack-prow bot commented May 5, 2025

@sga80: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
iam-verify-attribution f47d6ef link false /test iam-verify-attribution

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelhtm michaelhtm michaelhtm left review comments

@jlbutler jlbutler Awaiting requested review from jlbutler

Assignees
No one assigned
Labels
ok-to-test Indicates a non-member PR verified by an org member that is safe to test.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sga80 @michaelhtm