Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add permissions boundary support to ccoctl when creating AWS IAM Roles #346

Merged
merged 3 commits into from Jun 28, 2021
Merged

Add permissions boundary support to ccoctl when creating AWS IAM Roles #346

merged 3 commits into from Jun 28, 2021

Conversation

bellpr
Copy link
Contributor

@bellpr bellpr commented May 23, 2021

No description provided.

@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 23, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 23, 2021

Hi @bellpr. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested review from abutcher and twiest May 23, 2021 04:50
@gregsheremeta
Copy link
Contributor

/ok-to-test

@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 23, 2021
@gregsheremeta
Copy link
Contributor

/assign @joelddiaz @dgoodwin

joelddiaz
joelddiaz reviewed May 24, 2021
View reviewed changes
Copy link
Contributor

@joelddiaz joelddiaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks fine to me.
@dgoodwin I think the only question I have is whether we want to expose this functionality for the create-all subcommand.

@dgoodwin
Copy link
Contributor

It's on AWS specific sub-commands, it would be weird if you could only use it if you did step by step and not create-all. Feels like create-all might need some command flag inheritance someday, but as is it looks ok to me. Any reason we'd not want it on create-all I'm not aware of?

@akhil-rane
Copy link
Contributor

looks okay to me to have this subcommand on create-all

@bellpr
Eliminate empty fields in JSON output from `ccoctl aws create-iam-rol…
6a4309e 
…es --dry-run` to ensure it is valid input for the `CreateRole`/`PutRolePolicy` APIs and document the requirement

Apply role tags in `ccoctl aws create-iam-roles --dry-run` JSON output consistent with the behavior without `--dry-run`
@bellpr bellpr requested a review from joelddiaz June 26, 2021 07:19
@joelddiaz
Copy link
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jun 28, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 28, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bellpr, joelddiaz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 28, 2021
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@codecov
Copy link

codecov bot commented Jun 28, 2021
edited

Codecov Report

❗ No coverage uploaded for pull request base (master@cc33aa0). Click here to learn what that means.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master     #346   +/-   ##
=========================================
  Coverage          ?   44.82%           
=========================================
  Files             ?       74           
  Lines             ?     6918           
  Branches          ?        0           
=========================================
  Hits              ?     3101           
  Misses            ?     3329           
  Partials          ?      488

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cc33aa0...6a4309e. Read the comment docs.

@openshift-merge-robot openshift-merge-robot merged commit a23cab3 into openshift:master Jun 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abutcher abutcher Awaiting requested review from abutcher

@twiest twiest Awaiting requested review from twiest

@joelddiaz joelddiaz Awaiting requested review from joelddiaz

Assignees

@dgoodwin dgoodwin

@joelddiaz joelddiaz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@bellpr @gregsheremeta @dgoodwin @akhil-rane @joelddiaz @openshift-bot @openshift-merge-robot