OCPBUGS-94238: Add missing CLI IAM role policy entry#8883
Conversation
|
Pipeline controller notification For optional jobs, comment This repository is configured in: LGTM mode |
|
@ironcladlou: This pull request references Jira Issue OCPBUGS-94238, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Central YAML (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughThis change adds the 🚥 Pre-merge checks | ✅ 11✅ Passed checks (11 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@ironcladlou: This pull request references Jira Issue OCPBUGS-94238, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Before this commit, clusters created via the CLI with `--sts-creds` couldn't be fully deleted due to a missing `iam:ListRolePolicies` policy entry, preventing IAM role cleanup. This commit corrects the policy so all IAM resources created by the CLI flow can be deleted. Fixes OCPBUGS-94238
41dea99 to
cb988a3
Compare
|
@ironcladlou: This pull request references Jira Issue OCPBUGS-94238, which is valid. 3 validation(s) were run on this bug
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #8883 +/- ##
==========================================
+ Coverage 43.11% 43.19% +0.07%
==========================================
Files 766 767 +1
Lines 94870 94910 +40
==========================================
+ Hits 40907 40997 +90
+ Misses 51115 51050 -65
- Partials 2848 2863 +15
... and 9 files with indirect coverage changes
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
|
/approve |
|
Scheduling tests matching the |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: csrwng, devguyio, ironcladlou The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/refresh |
AI Test Failure AnalysisJob: Generated by hypershift-analyze-e2e-failure post-step using Claude claude-opus-4-6 |
Test Resultse2e-aws
e2e-aks
|
AI Test Failure AnalysisJob: Generated by hypershift-analyze-e2e-failure post-step using Claude claude-opus-4-6 |
|
/retest |
|
/retest |
|
I now have all the evidence I need. Let me produce the final report. Test Failure Analysis CompleteJob Information
Test Failure AnalysisErrorSummaryThe Root CauseThe root cause is an AWS infrastructure cleanup timeout during test teardown, not a product bug or a regression from PR #8883. What happened step by step:
Why this is unrelated to PR #8883:
Recommendations
Evidence
|
|
/retest |
|
/verified by "manual testing" |
|
@ironcladlou: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@ironcladlou: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
@ironcladlou: Jira Issue Verification Checks: Jira Issue OCPBUGS-94238 Jira Issue OCPBUGS-94238 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Before this commit, clusters created via the CLI with
--sts-credscouldn't be fully deleted due to a missingiam:ListRolePoliciespolicy entry, preventing IAM role cleanup.This commit corrects the policy so all IAM resources created by the CLI flow can be deleted.
There's currently no e2e coverage for the STS flow at all, which should be addressed in a followup.
Fixes OCPBUGS-94238
Summary by CodeRabbit