-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added AWS IAMGroup with UserMembership, and PolicyAttachment #249
Conversation
type IAMGroupSpec struct { | ||
runtimev1alpha1.ResourceSpec `json:",inline"` | ||
// +optional | ||
ForProvider IAMGroupParameters `json:"forProvider"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This field is a required field, so should not be annotated with optional
|
||
// An IAMGroupPolicyAttachment is a managed resource that represents an AWS IAM | ||
// Group policy attachment. | ||
// +kubebuilder:printcolumn:name="USERNAME",type="string",JSONPath=".spec.forProvider.groupName" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The column name should be GROUPNAME I assume.
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" | ||
// +kubebuilder:subresource:status | ||
// +kubebuilder:resource:scope=Cluster | ||
type IAMUserGroupAttachment struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would IAMGroupUserMembership
be a good name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, seems good and pushed the changes
pkg/clients/iam/iamgroup.go
Outdated
} | ||
|
||
// GenerateIAMGroup assigns the in IAMGroupParameters to group. | ||
func GenerateIAMGroup(in v1alpha1.IAMGroupParameters, role *iam.Group) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this function being used anywhere?
pkg/clients/iam/iamgroup_test.go
Outdated
@@ -0,0 +1 @@ | |||
package iam |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can remove this file.
@@ -0,0 +1 @@ | |||
package iam |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can remove this file maybe.
func (e *external) Update(ctx context.Context, mgd resource.Managed) (managed.ExternalUpdate, error) { | ||
// Updating any field will create a new User-Policy attachment in AWS, which will be | ||
// irrelevant/out-of-sync to the original defined attachment. | ||
// It is encouraged to instead create a new IAMUserPolicyAttachment resource. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// It is encouraged to instead create a new IAMUserPolicyAttachment resource. | |
// It is encouraged to instead create a new IAMUserGroupAttachment resource. |
} | ||
|
||
func (e *external) Update(ctx context.Context, mgd resource.Managed) (managed.ExternalUpdate, error) { | ||
// Updating any field will create a new User-Policy attachment in AWS, which will be |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Updating any field will create a new User-Policy attachment in AWS, which will be | |
// Updating any field will create a new User-Group attachment in AWS, which will be |
// PolicyARN is the Amazon Resource Name (ARN) of the IAM policy you want to | ||
// attach. | ||
// +immutable | ||
PolicyARN string `json:"policyArn"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a reference to the IAMPolicy
resource can also be added here.
// GroupName is the Amazon IAM Group Name (IAMGroup) of the IAM group you want to | ||
// add User to. | ||
// +immutable | ||
GroupName string `json:"groupName"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also here, we can add a reference to the IAMGroup
resource.
Hi @rahulchheda and @sahil-lakhwani, Can you please comment here when you've finished your internal review and feel this PR is ready for @muvaf to review. Thanks, |
Also - it seems like this PR may need to be rebased on master. I see a lot of unrelated commits in the history. |
Apologies @negz and @muvaf , fixed the rebase issue on this PR. I think this PR is ready for review. I guess internal reviews have been done, or @sahil-lakhwani , would you like to take one more pass? |
// PolicyARN is the Amazon Resource Name (ARN) of the IAM policy you want to | ||
// attach. | ||
// +immutable | ||
PolicyARN string `json:"policyArn,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be annotated with +optional
and should be of pointer type.
|
||
// GroupName presents the name of the IAMGroup. | ||
// +immutable | ||
GroupName string `json:"groupName,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here, the filed should be annotated with +optional
and be of pointer type.
// GroupName is the Amazon IAM Group Name (IAMGroup) of the IAM group you want to | ||
// add User to. | ||
// +immutable | ||
GroupName string `json:"groupName,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here as well, GroupName
should be pointer type.
Thanks @rahulchheda and @sahil-lakhwani! Looks like there's a little more review to go. I'll wait until @sahil-lakhwani has approved this PR before we have a maintainer review it. |
@negz The PR looks good to me after the latest commit. I think it's ready for you to review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @rahulchheda and @sahil-lakhwani , really impressed!
It looks pretty good already. I have left a few small comments. It should be ready to merge after they are addressed.
@muvaf , I'm done with the changes, could you take a look? If it's good, remind me to squash my commits. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM after fixing two small things for test to pass and the commit history. Thanks!
Signed-off-by: Rahul M Chheda <rchheda@infracloud.io>
Added AWS IAMGroup with UserMembership, and PolicyAttachment
Added AWS IAMGroup with UserMembership, and PolicyAttachment
DynamoDB: add aws_dynamodb_tag resource
Signed-off-by: Rahul M Chheda rchheda@infracloud.io
Description of your changes
Checklist
I have:
make reviewable
to ensure this PR is ready for review.app.yaml
to include any new role permissions.