Closed SnehaMore20 closed 4 years ago
Now able to update the policy even if it's attached to a role, but this leads to another issue:
after updating the policy, it creates one more version of the policy, and now we are not able to delete the policy
2020-06-15T09:47:53.417Z ERROR controllers.Policy unable to delete Policy {"policy": "kube-system/aws-cluster-autoscaler", "error": "DeleteConflict: This policy has more than one version. Before you delete a policy, you must delete the policy's versions. The default version is deleted with the policy.\n\tstatus code: 409, request id: 65d19350-d400-49e2-bfea-db3c65e5cacd"}
Not able to delete the policy even if the policy has only the default version
2020-06-17T07:55:25.767Z ERROR controllers.Policy unable to delete Policy {"policy": "kube-system/aws-cluster-autoscaler", "error": "DeleteConflict: Cannot delete the default version of a policy.\n\tstatus code: 409, request id: 1c600a4b-6b76-4375-a3bf-4eceb80afeb8"}
github.com/go-logr/zapr.(*zapLogger).Error
/go/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128
github.com/redradrat/aws-iam-operator/controllers.(*PolicyReconciler).Reconcile
/workspace/controllers/policy_controller.go:111
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.0/pkg/internal/controller/controller.go:256
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.0/pkg/internal/controller/controller.go:232
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.0/pkg/internal/controller/controller.go:211
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1
/go/pkg/mod/k8s.io/apimachinery@v0.17.2/pkg/util/wait/wait.go:152
k8s.io/apimachinery/pkg/util/wait.JitterUntil
/go/pkg/mod/k8s.io/apimachinery@v0.17.2/pkg/util/wait/wait.go:153
k8s.io/apimachinery/pkg/util/wait.Until
/go/pkg/mod/k8s.io/apimachinery@v0.17.2/pkg/util/wait/wait.go:88
@SnehaMore20 I pushed the latest update to master to prevent deletion of the default policy version. Can you please check?
This should be fixed now in master.
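The deletion order that the two DeleteConflict errors in this thread point to, shown as an added Go example that is not part of the thread and is not the operator's own code. `fakeIAM`, `ErrDeleteConflict` and `deletePolicyCleanly` are hypothetical names, and the in-memory fake is a constructed stand-in that only models the two IAM refusals quoted in the logs above.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrDeleteConflict stands in for IAM's 409 DeleteConflict response (assumption).
var ErrDeleteConflict = errors.New("DeleteConflict")

// fakeIAM is a constructed in-memory model of one managed policy:
// version ID -> whether that version is the default one.
type fakeIAM struct{ versions map[string]bool }

// DeletePolicyVersion refuses the default version, as in the second log line.
func (f *fakeIAM) DeletePolicyVersion(id string) error {
	if f.versions[id] {
		return fmt.Errorf("%w: cannot delete the default version of a policy", ErrDeleteConflict)
	}
	delete(f.versions, id)
	return nil
}

// DeletePolicy refuses while non-default versions remain, as in the first log line.
func (f *fakeIAM) DeletePolicy() error {
	if len(f.versions) > 1 {
		return fmt.Errorf("%w: this policy has more than one version", ErrDeleteConflict)
	}
	f.versions = map[string]bool{} // the default version goes with the policy
	return nil
}

// deletePolicyCleanly removes every non-default version, skips the default
// one, and only then deletes the policy itself.
func deletePolicyCleanly(f *fakeIAM) error {
	for id, isDefault := range f.versions {
		if isDefault {
			continue
		}
		if err := f.DeletePolicyVersion(id); err != nil {
			return err
		}
	}
	return f.DeletePolicy()
}

func main() {
	f := &fakeIAM{versions: map[string]bool{"v1": false, "v2": true}} // constructed sample
	fmt.Println("naive delete:", f.DeletePolicy())
	fmt.Println("ordered delete:", deletePolicyCleanly(f))
}
```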
If the policy is already attached to a role and we try to update the policy, it gives an error:
ERROR controller-runtime.controller Reconciler error {"controller": "policy", "request": "<namespace>/<policy-name>", "error": "cannot delete policy due to existing PolicyAttachment '<policyattachment>/<namespace>'"}