fix

Signed-off-by: marcolan018 <llan@redhat.com>
openshift · May 9, 2024 · ed64506 · ed64506
1 parent 766aa25
commit ed64506
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 7 deletions.
diff --git a/cmd/upgrade/roles/cmd.go b/cmd/upgrade/roles/cmd.go
@@ -270,7 +270,7 @@ func run(cmd *cobra.Command, argv []string) {
 		reporter.Errorf("Failed to get rolePolicyBinding: %s", err)
 		os.Exit(1)
 	}
-	err = rolepolicybindings.ValidateRolePolicyBindings(rolePolicyBindings)
+	err = rolepolicybindings.CheckRolePolicyBindingStatus(rolePolicyBindings)
 	if err != nil {
 		reporter.Errorf("Error in rolePolicyBinding: %s", err)
 		os.Exit(1)
@@ -479,7 +479,7 @@ func run(cmd *cobra.Command, argv []string) {
 		newRolePolicyBindings, err := ocmClient.ListRolePolicyBindings(cluster.ID(), true)
 		if err != nil {
 			reporter.Warnf("Failed to get rolePolicyBindings after upgrade," +
-				" please check the attached policies on upgraded roles")
+				" please ensure the required policies attached on upgraded roles")
 		} else {
 			output, isPolicyMissed := rolepolicybindings.CheckMissingRolePolicyBindings(rolePolicyBindings,
 				newRolePolicyBindings)

diff --git a/pkg/aws/policies.go b/pkg/aws/policies.go
@@ -1964,7 +1964,8 @@ func (c *awsClient) GetAccountRoleDefaultPolicy(roleName string, prefix string)
 		return "", nil
 	}
 	if len(policies) > 1 {
-		return "", fmt.Errorf("There are more than one RedHat managed policy attached to the role %s", roleName)
+		return "", fmt.Errorf("There are more than one Red Hat managed account role policy attached to the role %s",
+			roleName)
 	}
 	return policies[0], nil
 }
@@ -1982,7 +1983,8 @@ func (c *awsClient) GetOperatorRoleDefaultPolicy(roleName string) (string, error
 		return "", nil
 	}
 	if len(policies) > 1 {
-		return "", fmt.Errorf("There are more than one RedHat managed policy attached to the role %s", roleName)
+		return "", fmt.Errorf("There are more than one Red Hat managed operator role policy attached to the role %s",
+			roleName)
 	}
 	return policies[0], nil
 }

diff --git a/pkg/helper/rolepolicybindings/helpers.go b/pkg/helper/rolepolicybindings/helpers.go
@@ -31,7 +31,7 @@ const (
 	RolePolicyBindingFailedStatus = "failed"
 )
 
-func ValidateRolePolicyBindings(bindings *cmv1.RolePolicyBindingList) error {
+func CheckRolePolicyBindingStatus(bindings *cmv1.RolePolicyBindingList) error {
 	for _, binding := range bindings.Slice() {
 		if binding.Status().Value() == RolePolicyBindingFailedStatus {
 			return fmt.Errorf("Failed to get attach policies of role %s: %s",
@@ -46,7 +46,7 @@ func CheckMissingRolePolicyBindings(desired, actual *cmv1.RolePolicyBindingList)
 	actualBindings := map[string][]string{}
 	for _, binding := range actual.Slice() {
 		roleBindings := []string{}
-		if binding.Policies() != nil {
+		if binding != nil && binding.Policies() != nil {
 			for _, policy := range binding.Policies() {
 				roleBindings = append(roleBindings, policy.Arn())
 			}
@@ -55,6 +55,9 @@ func CheckMissingRolePolicyBindings(desired, actual *cmv1.RolePolicyBindingList)
 	}
 	missingBindings := map[string][]string{}
 	for _, binding := range desired.Slice() {
+		if binding == nil {
+			continue
+		}
 		for _, policy := range binding.Policies() {
 			if !slices.Contains(actualBindings[binding.Name()], policy.Arn()) {
 				if missingBindings[binding.Name()] == nil {

diff --git a/pkg/helper/rolepolicybindings/helpers_test.go b/pkg/helper/rolepolicybindings/helpers_test.go
@@ -63,7 +63,7 @@ var _ = Describe("Policy Service", func() {
 		It("Test ValidateRolePolicyBindings", func() {
 			bindingList, err := cmv1.NewRolePolicyBindingList().Items(failedBinding).Build()
 			Expect(err).ShouldNot(HaveOccurred())
-			err = ValidateRolePolicyBindings(bindingList)
+			err = CheckRolePolicyBindingStatus(bindingList)
 			Expect(err).Should(HaveOccurred())
 			Expect(err.Error()).To(Equal(fmt.Sprintf("Failed to get attach policies of role %s: %s",
 				roleName1, errDesc)))