Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dedicated function for ccm permissons #11991

Merged
merged 1 commit into from
Jul 16, 2021
Merged

Dedicated function for ccm permissons #11991

merged 1 commit into from
Jul 16, 2021

Conversation

olemarkus
Copy link
Member

The refactoring work from #11818

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jul 14, 2021
@olemarkus olemarkus mentioned this pull request Jul 14, 2021
Merged
@olemarkus olemarkus changed the title WIP: Dedicated function for ccm permissons Dedicated function for ccm permissons Jul 14, 2021
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 14, 2021
@olemarkus
Copy link
Member Author

/cc @rifelpet

rifelpet
rifelpet reviewed Jul 14, 2021
View reviewed changes
Copy link
Member

@rifelpet rifelpet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments, otherwise looks good to me though it does seem to increase the policy document size substantially so I worry users will hit size limits more frequently with additionalPolicies

pkg/model/iam/iam_builder.go Show resolved Hide resolved
pkg/model/iam/iam_builder.go Outdated Show resolved Hide resolved
johngmyers
johngmyers reviewed Jul 15, 2021
View reviewed changes
pkg/model/iam/iam_builder.go Outdated

p.unconditionalAction.Insert(
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we still need this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so. I couldn't see CCM use this. It is mentioned here, but this is probably dated https://cloud-provider-aws.sigs.k8s.io/prerequisites.html

@olemarkus
Copy link
Member Author

A few comments, otherwise looks good to me though it does seem to increase the policy document size substantially so I worry users will hit size limits more frequently with additionalPolicies

Looking at the strict json golden output, it will increase the size from roughly 5k to 6k. So substantially, but still a way to go before the limit is hit. The added bytes come from improving the cluster isolation, which I think is worth it.

@rifelpet
Dedicated function for ccm permissons
f0390ed 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
@olemarkus
Copy link
Member Author

/test pull-kops-e2e-cni-amazonvpc

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 16, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rifelpet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 16, 2021
@k8s-ci-robot k8s-ci-robot merged commit 14de757 into kubernetes:master Jul 16, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Jul 16, 2021
@rifelpet rifelpet mentioned this pull request Oct 20, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rifelpet rifelpet rifelpet approved these changes

@hakman hakman Awaiting requested review from hakman

@johngmyers johngmyers Awaiting requested review from johngmyers

Assignees

@rifelpet rifelpet

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@olemarkus @k8s-ci-robot @rifelpet @johngmyers