Added AWS IAMGroup with UserMembership, and PolicyAttachment #249
Conversation
| type IAMGroupSpec struct { | ||
| runtimev1alpha1.ResourceSpec `json:",inline"` | ||
| // +optional | ||
| ForProvider IAMGroupParameters `json:"forProvider"` |
There was a problem hiding this comment.
This field is a required field, so should not be annotated with optional
|
|
||
| // An IAMGroupPolicyAttachment is a managed resource that represents an AWS IAM | ||
| // Group policy attachment. | ||
| // +kubebuilder:printcolumn:name="USERNAME",type="string",JSONPath=".spec.forProvider.groupName" |
There was a problem hiding this comment.
The column name should be GROUPNAME I assume.
| // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" | ||
| // +kubebuilder:subresource:status | ||
| // +kubebuilder:resource:scope=Cluster | ||
| type IAMUserGroupAttachment struct { |
There was a problem hiding this comment.
Would IAMGroupUserMembership be a good name?
There was a problem hiding this comment.
Yup, seems good and pushed the changes
pkg/clients/iam/iamgroup.go
Outdated
| } | ||
|
|
||
| // GenerateIAMGroup assigns the in IAMGroupParameters to group. | ||
| func GenerateIAMGroup(in v1alpha1.IAMGroupParameters, role *iam.Group) error { |
There was a problem hiding this comment.
Is this function being used anywhere?
pkg/clients/iam/iamgroup_test.go
Outdated
| @@ -0,0 +1 @@ | |||
| package iam | |||
There was a problem hiding this comment.
I think we can remove this file.
| @@ -0,0 +1 @@ | |||
| package iam | |||
There was a problem hiding this comment.
We can remove this file maybe.
| func (e *external) Update(ctx context.Context, mgd resource.Managed) (managed.ExternalUpdate, error) { | ||
| // Updating any field will create a new User-Policy attachment in AWS, which will be | ||
| // irrelevant/out-of-sync to the original defined attachment. | ||
| // It is encouraged to instead create a new IAMUserPolicyAttachment resource. |
There was a problem hiding this comment.
| // It is encouraged to instead create a new IAMUserPolicyAttachment resource. | |
| // It is encouraged to instead create a new IAMUserGroupAttachment resource. |
| } | ||
|
|
||
| func (e *external) Update(ctx context.Context, mgd resource.Managed) (managed.ExternalUpdate, error) { | ||
| // Updating any field will create a new User-Policy attachment in AWS, which will be |
There was a problem hiding this comment.
| // Updating any field will create a new User-Policy attachment in AWS, which will be | |
| // Updating any field will create a new User-Group attachment in AWS, which will be |
rahulchheda
changed the title
| // PolicyARN is the Amazon Resource Name (ARN) of the IAM policy you want to | ||
| // attach. | ||
| // +immutable | ||
| PolicyARN string `json:"policyArn"` |
There was a problem hiding this comment.
I think a reference to the IAMPolicy resource can also be added here.
| // GroupName is the Amazon IAM Group Name (IAMGroup) of the IAM group you want to | ||
| // add User to. | ||
| // +immutable | ||
| GroupName string `json:"groupName"` |
There was a problem hiding this comment.
Also here, we can add a reference to the IAMGroup resource.
|
Hi @rahulchheda and @sahil-lakhwani, Can you please comment here when you've finished your internal review and feel this PR is ready for @muvaf to review. Thanks, |
|
Also - it seems like this PR may need to be rebased on master. I see a lot of unrelated commits in the history. |
|
Apologies @negz and @muvaf , fixed the rebase issue on this PR. I think this PR is ready for review. I guess internal reviews have been done, or @sahil-lakhwani , would you like to take one more pass? |
| // PolicyARN is the Amazon Resource Name (ARN) of the IAM policy you want to | ||
| // attach. | ||
| // +immutable | ||
| PolicyARN string `json:"policyArn,omitempty"` |
There was a problem hiding this comment.
I think this should be annotated with +optional and should be of pointer type.
|
|
||
| // GroupName presents the name of the IAMGroup. | ||
| // +immutable | ||
| GroupName string `json:"groupName,omitempty"` |
There was a problem hiding this comment.
same here, the filed should be annotated with +optional and be of pointer type.
| // GroupName is the Amazon IAM Group Name (IAMGroup) of the IAM group you want to | ||
| // add User to. | ||
| // +immutable | ||
| GroupName string `json:"groupName,omitempty"` |
There was a problem hiding this comment.
Same here as well, GroupName should be pointer type.
|
Thanks @rahulchheda and @sahil-lakhwani! Looks like there's a little more review to go. I'll wait until @sahil-lakhwani has approved this PR before we have a maintainer review it. |
|
@negz The PR looks good to me after the latest commit. I think it's ready for you to review. |
There was a problem hiding this comment.
Thank you @rahulchheda and @sahil-lakhwani , really impressed!
It looks pretty good already. I have left a few small comments. It should be ready to merge after they are addressed.
|
@muvaf , I'm done with the changes, could you take a look? If it's good, remind me to squash my commits. |
Signed-off-by: Rahul M Chheda <rchheda@infracloud.io>
Added AWS IAMGroup with UserMembership, and PolicyAttachment
Added AWS IAMGroup with UserMembership, and PolicyAttachment
DynamoDB: add aws_dynamodb_tag resource
Signed-off-by: Rahul M Chheda rchheda@infracloud.io
Description of your changes
Checklist
I have:
make reviewableto ensure this PR is ready for review.app.yamlto include any new role permissions.