OCM-7881 | fix: skips policy compatibility check when version supplie…
…d is empty
gdbranco committed May 7, 2024
1 parent 2ee308a commit 9bd26c4
Showing 2 changed files with 56 additions and 0 deletions.
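--- a/pkg/aws/policies.go
+++ b/pkg/aws/policies.go
@@ -399,6 +399,10 @@ func (c *awsClient) createPolicy(policyArn string, document string, tagList map[
 }
 
 func (c *awsClient) IsPolicyCompatible(policyArn string, version string) (bool, error) {
+// Ignore if there is no version
+if version == "" {
+return true, nil
+}
 output, err := c.iamClient.ListPolicyTags(context.Background(), &iam.ListPolicyTagsInput{
 PolicyArn: aws.String(policyArn),
 })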
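Review bot: The new early return at the top of IsPolicyCompatible fails open: a caller that passes an empty version, whether on purpose or because a flag was unset or a lookup returned nothing, now gets `true, nil` without the policy's tags being read at all. The exported method has no doc comment stating that contract, so I would add one along the lines of `// IsPolicyCompatible reports whether the policy at policyArn is compatible with version; an empty version skips the check and reports true.` It is also worth confirming that callers reach this path only when no version was requested, because only the exact empty string is short-circuited and a whitespace-only value still goes on to the IAM call. The rest of the function body lies outside the hunk.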
52 changes: 52 additions & 0 deletions pkg/aws/policies_test.go
Expand Up @@ -7,15 +7,67 @@ import (
gomock "go.uber.org/mock/gomock"

"github.com/aws/aws-sdk-go-v2/aws"
awsSdk "github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/iam"
iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
"github.com/sirupsen/logrus"

"github.com/openshift/rosa/pkg/aws/mocks"
"github.com/openshift/rosa/pkg/aws/tags"
)

var _ = Describe("Is Policy Compatible", func() {
var (
client Client
mockCtrl *gomock.Controller

mockEC2API *mocks.MockEc2ApiClient
mockCfAPI *mocks.MockCloudFormationApiClient
mockIamAPI *mocks.MockIamApiClient
mockS3API *mocks.MockS3ApiClient
mockSecretsManagerAPI *mocks.MockSecretsManagerApiClient
mockSTSApi *mocks.MockStsApiClient
)

BeforeEach(func() {
mockCtrl = gomock.NewController(GinkgoT())
mockCfAPI = mocks.NewMockCloudFormationApiClient(mockCtrl)
mockIamAPI = mocks.NewMockIamApiClient(mockCtrl)
mockEC2API = mocks.NewMockEc2ApiClient(mockCtrl)
mockS3API = mocks.NewMockS3ApiClient(mockCtrl)
mockSTSApi = mocks.NewMockStsApiClient(mockCtrl)
mockSecretsManagerAPI = mocks.NewMockSecretsManagerApiClient(mockCtrl)
client = New(
awsSdk.Config{},
logrus.New(),
mockIamAPI,
mockEC2API,
mocks.NewMockOrganizationsApiClient(mockCtrl),
mockS3API,
mockSecretsManagerAPI,
mockSTSApi,
mockCfAPI,
mocks.NewMockServiceQuotasApiClient(mockCtrl),
mocks.NewMockServiceQuotasApiClient(mockCtrl),
&AccessKey{},
false,
)
})

AfterEach(func() {
mockCtrl.Finish()
})
When("Version is empty", func() {
It("Should be compatible", func() {
isCompatible, err := client.IsPolicyCompatible("fakearn", "")
Expect(err).To(BeNil())
Expect(isCompatible).To(BeTrue())
})
})
})

var _ = Describe("Is Account Role Version Compatible", func() {
When("Role isn't an account role", func() {
It("Should return not compatible", func() {
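Review bot: The import block now lists `github.com/aws/aws-sdk-go-v2/aws` twice, once as `aws` and once as `awsSdk`; the new `BeforeEach` could pass `aws.Config{}` and drop the alias. In the same `New(...)` call `mocks.NewMockServiceQuotasApiClient(mockCtrl)` is supplied for two consecutive parameters, which looks like a copy-paste unless New really takes two service-quotas clients; its signature is not visible here. The spec covers only the empty-version shortcut, so a companion case with a non-empty version and a mismatching tag would guard against the shortcut silently widening, if one does not already exist elsewhere in the file. `Expect(err).NotTo(HaveOccurred())` is the more usual gomega form than `To(BeNil())`.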
