openshift / aws-account-operator

Operator to manage pool of AWS accounts for Hive
Apache License 2.0

[OSD-21097-handle-permissions-errors] Handle Misconfigured Role Permissions #825

Closed reedcort closed 3 months ago

reedcort commented 4 months ago

What is being added?

A fix to handle accounts that don't have the correct permissions to enable opt-in regions. The change will update the state from TODO to MANUL_ACTION and prevent accounts from continuously trying to enable accounts with the wrong permissions.

Checklist before requesting review

Steps To Manually Test

  1. Start the operator
  2. Modify OrganizationAccountAccessRole permissions
  3. Run "make predeploy"
  4. Set "feature.opt_in_regions" to true in hack/templates/aws.managed.openshift.io_v1alpha1_configmap.tmpl
  5. Add "opt-in-regions" entry to hack/templates/aws.managed.openshift.io_v1alpha1_configmap.tmpl
  6. Run "make create-account"
  7. Set account.Spec.accountPool to "hs-zero-size-accountpool"
  8. Verify account CR state changes to READY
  9. Verify in the AWS console that the opt-in regions specified in the configMap are enabled

Ref OSD-21097
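
The behaviour described in this PR, sketched as an added example (not the operator's code): a permission failure while enabling an opt-in region is treated as permanent and parks the region for manual action, while other errors are requeued. The type `RegionState`, the constants, `apiError`, `isPermissionError` and `nextState` are hypothetical names, and the sample errors are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// RegionState is a hypothetical per-region status (names are assumptions).
type RegionState string

const (
	StateTodo         RegionState = "TODO"
	StateEnabling     RegionState = "ENABLING"
	StateManualAction RegionState = "MANUAL_ACTION"
)

// apiError is a constructed stand-in for an SDK error that carries an error code.
type apiError struct{ code, msg string }

func (e *apiError) Error() string { return e.code + ": " + e.msg }

// isPermissionError reports whether err (possibly wrapped) is an authorization failure.
func isPermissionError(err error) bool {
	var ae *apiError
	if !errors.As(err, &ae) {
		return false
	}
	return ae.code == "AccessDenied" || ae.code == "AccessDeniedException"
}

// nextState returns the state after one enable attempt and whether to requeue.
func nextState(cur RegionState, err error) (RegionState, bool) {
	switch {
	case cur != StateTodo:
		return cur, false // only TODO regions are attempted
	case err == nil:
		return StateEnabling, false
	case isPermissionError(err):
		return StateManualAction, false // retrying cannot fix a misconfigured role
	default:
		return StateTodo, true // throttling or network trouble: transient, retry
	}
}

func main() {
	denied := fmt.Errorf("enable region: %w", &apiError{"AccessDeniedException", "not authorized"})
	throttled := &apiError{"TooManyRequestsException", "slow down"}
	for _, err := range []error{nil, denied, throttled} {
		s, requeue := nextState(StateTodo, err)
		fmt.Printf("err=%v -> state=%s requeue=%t\n", err, s, requeue)
	}
}
```

Matching on the wrapped error code rather than on the message text keeps the classification stable when the error is annotated on its way up the call stack.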

codecov-commenter commented 4 months ago

Codecov Report

Attention: Patch coverage is 70.00000% with 3 lines in your changes are missing coverage. Please review.

Project coverage is 47.62%. Comparing base (d302f4c) to head (941b949).

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master     #825      +/-   ##
==========================================
+ Coverage   47.60%   47.62%   +0.01%
==========================================
  Files          44       44
  Lines        6663     6669       +6
==========================================
+ Hits         3172     3176       +4
- Misses       3152     3154       +2
  Partials      339      339
```

| [Files](https://app.codecov.io/gh/openshift/aws-account-operator/pull/825?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift) | Coverage Δ | |
|---|---|---|
| [api/v1alpha1/account\_types.go](https://app.codecov.io/gh/openshift/aws-account-operator/pull/825?src=pr&el=tree&filepath=api%2Fv1alpha1%2Faccount_types.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift#diff-YXBpL3YxYWxwaGExL2FjY291bnRfdHlwZXMuZ28=) | `81.76% <100.00%> (ø)` | |
| [controllers/account/account\_controller.go](https://app.codecov.io/gh/openshift/aws-account-operator/pull/825?src=pr&el=tree&filepath=controllers%2Faccount%2Faccount_controller.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift#diff-Y29udHJvbGxlcnMvYWNjb3VudC9hY2NvdW50X2NvbnRyb2xsZXIuZ28=) | `36.10% <100.00%> (ø)` | |
| [...ollers/validation/account\_validation\_controller.go](https://app.codecov.io/gh/openshift/aws-account-operator/pull/825?src=pr&el=tree&filepath=controllers%2Fvalidation%2Faccount_validation_controller.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift#diff-Y29udHJvbGxlcnMvdmFsaWRhdGlvbi9hY2NvdW50X3ZhbGlkYXRpb25fY29udHJvbGxlci5nbw==) | `42.50% <0.00%> (ø)` | |
| [controllers/account/region\_enablement.go](https://app.codecov.io/gh/openshift/aws-account-operator/pull/825?src=pr&el=tree&filepath=controllers%2Faccount%2Fregion_enablement.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift#diff-Y29udHJvbGxlcnMvYWNjb3VudC9yZWdpb25fZW5hYmxlbWVudC5nbw==) | `53.80% <71.42%> (+0.37%)` | :arrow_up: |

openshift-ci[bot] commented 4 months ago

@reedcort: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

iamkirkbater commented 3 months ago

/lgtm

openshift-ci[bot] commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: iamkirkbater, reedcort

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/aws-account-operator/blob/master/OWNERS)~~ [iamkirkbater]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment