Generate IAM Policy with all required Actions #740
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Zvikan
requested review from
askulkarni2,
kcoleman731,
vara-bonthu and
bryantbiggs
as code owners
bryantbiggs
reviewed
Jul 6, 2022
bryantbiggs
reviewed
Jul 6, 2022
askulkarni2
reviewed
Jul 6, 2022
bryantbiggs
reviewed
Jul 6, 2022
| kill ${{ env.iamlive_pid }} | ||
| while $(kill -0 ${{ env.iamlive_pid }} 2>/dev/null); do sleep 1; done; | ||
| cat ${HOME}/policy.json | ||
| aws s3 cp ${HOME}/policy.json s3://eks-blueprints-iam-policies/${{ matrix.example_path }}.json |
There was a problem hiding this comment.
- We should make the bucket name either a workflow global env variable or a github secret to ensure its defined in one place correctly (is it
terraform-eks-blueprints-iam-policies-examplesoreks-blueprints-iam-policies?) - do we need to add in a git ref or something so that PRs aren't clobbering one another? adding something like
/${{ github.ref }}/into the prefix? - If we do that, do we need/want to set a lifecycle policy on these
There was a problem hiding this comment.
- set as global env var, correct bucket name was set (good catch!)
- currently the python script merges all the files seeing in the bucket, as of now we cant run multiple parallel e2e flows at the same time.
I made the suggested change but then thought about it, the current script is merging all the files seeing in this bucket, as we go we can start tweak this around according to use case, I did enable versioning on the bucket for now just in-case.
bryantbiggs
approved these changes
Jul 7, 2022
allamand
pushed a commit
to allamand/terraform-aws-eks-blueprints
that referenced
this pull request
Dec 15, 2022
* feat: generate iam policy per example * feat: add final policy generator script * chore: clean code - workflow env, one liner syntax * chore: bucket name as global env * fix: place policy per gh ref * fix: revert bb18d5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Motivation
More
pre-commit run -awith this PRNote: Not all the PRs required examples and docs except a new pattern or add-on added.
For Moderators
Additional Notes