OCPBUGS-16181: Write manifests when AWS IAM roles already exist.

[abutcher]

No description provided.

[abutcher]

Holding for testing & to check if manifest generation for other clouds will have the same issue.
/hold

[2uasimojo]

IIUC we get here if there's a role of the expected name. How confident can we be that it has the right settings? Should we validate them? What would be the right behavior if they don't match?

• Delete the role and recreate it? If this is right, then we could simplify by simply doing that regardless.
• Modify the role to have the right attributes? For some deltas -- like tags -- this might make sense; but for others, it could be Bad™ -- like if it would change the actual security-ness of the role.
• ...so probably the only right answer is to error. Which may be why the code was the way it was in the first place.

[abutcher]

It looks like we apply policy derived from the provided CredentialsRequests on roles after this even if the role already existed so we may already be stomping the existing role policy to be what we expect based on the invocation.

[codecov]

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (2c3298b) 48.19% compared to head (a15b7a3) 50.46%.
Report is 59 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #514      +/-   ##
==========================================
+ Coverage   48.19%   50.46%   +2.27%     
==========================================
  Files          96       96              
  Lines       11635    12853    +1218     
==========================================
+ Hits         5607     6486     +879     
- Misses       5415     5696     +281     
- Partials      613      671      +58     

Files	Coverage Δ
pkg/cmd/provisioning/aws/create-iam-roles.go	61.13% <0.00%> (-0.59%)	⬇️

... and 17 files with indirect coverage changes

[2uasimojo]

Okay, I was getting confused about what we were writing here. It's the secret in the cluster, not the policy in the cloud. This makes sense.

Add UT? Like here?

[abutcher]

Yep! This writes the secrets we put into the manifests directory to be read by the installer. There was some more discussion on the card so may need more changes depending on what the UX should be when the user running ccoctl aws create-all just wants to write the secrets but doesn't want to create (or update) anything in the cloud.

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

[openshift-bot]

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

[openshift-ci]

@openshift-bot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@abutcher: This pull request references Jira Issue OCPBUGS-16181, which is invalid:

• expected the bug to target the "4.14.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

CCO-335

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@abutcher: This pull request references Jira Issue OCPBUGS-16181, which is invalid:

• expected the bug to target the "4.14.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[abutcher]

/jira refresh

[openshift-ci-robot]

@abutcher: This pull request references Jira Issue OCPBUGS-16181, which is invalid:

• expected the bug to target the "4.14.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[abutcher]

/jira refresh

[openshift-ci-robot]

@abutcher: This pull request references Jira Issue OCPBUGS-16181, which is invalid:

• expected the bug to target the "4.14.0" version, but it targets "4.14.z" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[abutcher]

/jira refresh

[openshift-ci-robot]

@abutcher: This pull request references Jira Issue OCPBUGS-16181, which is invalid:

• expected the bug to target the "4.14.0" version, but it targets "4.14.z" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[abutcher]

/test e2e-aws-ovn

[jstuever]

/jira refresh

[openshift-ci-robot]

@jstuever: This pull request references Jira Issue OCPBUGS-16181, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.16.0) matches configured target version for branch (4.16.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jstuever]

/assign

[jstuever]

/retest

[jstuever]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abutcher, jstuever

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jstuever]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jstuever]

/hold cancel

[openshift-ci]

@abutcher: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-ci-robot]

@abutcher: Jira Issue OCPBUGS-16181: All pull requests linked via external trackers have merged:

• openshift/cloud-credential-operator#514

Jira Issue OCPBUGS-16181 has been moved to the MODIFIED state.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jstuever]

/cherry-pick release-4.15

[openshift-cherrypick-robot]

@jstuever: new pull request created: #653

In response to this:

/cherry-pick release-4.15

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-cloud-credential-operator-container-v4.16.0-202401141455.p0.g8bca79f.assembly.stream for distgit ose-cloud-credential-operator.
All builds following this will include this PR.