
No protection from deleting role managed by two Iamroles

Open crenshaw-dev opened this issue 8 months ago • 0 comments

Is this a BUG REPORT or FEATURE REQUEST?:

A bit of both.

What happened:

I applied one Iamrole, which created the role in AWS. Then I applied a 2nd Iamrole w/ the same config but a different name. The 2nd Iamrole failed to apply with RolesMaxLimitReached. When I deleted the 2nd Iamrole, Keiko deleted the role in AWS. The original Iamrole went unhealthy with NoSuchEntity.

What you expected to happen:

I would have expected iam-manager to protect me from deleting the doubly-managed role, especially since the 2nd Iamrole never really "applied" the role - it had failed with a max limit error.

How to reproduce it (as minimally and precisely as possible):

Apply two Iamroles with the same config in the same namespace with different names. Make sure your per-namespace limit is 1.

Anything else we need to know?:

Environment:

  • iam-manager version: v0.15.0
  • Kubernetes version: 1.24

crenshaw-dev, Oct 11 '23 14:10
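
A deletion guard of the kind this report asks for, as an added example that is not part of the original issue and is not iam-manager's code. The `Iamrole` struct, its field names, the `SafeToDeleteRole` function and the sample names are hypothetical; it assumes the controller can list all Iamrole resources and knows which AWS role each one resolves to.

```go
package main

import "fmt"

// Iamrole is a simplified, hypothetical model of the custom resource;
// the field names are assumptions, not iam-manager's real types.
type Iamrole struct {
	Name, Namespace string
	RoleName        string // AWS role this resource resolves to
	State           string // "Ready", or an error such as "RolesMaxLimitReached"
}

// SafeToDeleteRole decides whether deleting cr may also delete the AWS role.
// It refuses when cr never applied the role, or when another resource
// still resolves to the same role (AWS role names are account-wide).
func SafeToDeleteRole(cr Iamrole, all []Iamrole) (bool, string) {
	if cr.State != "Ready" {
		return false, "resource never applied the role (state " + cr.State + ")"
	}
	for _, other := range all {
		if other.Namespace == cr.Namespace && other.Name == cr.Name {
			continue // skip the resource being deleted
		}
		if other.RoleName == cr.RoleName {
			return false, "role still managed by " + other.Namespace + "/" + other.Name
		}
	}
	return true, "sole owner"
}

func main() {
	// Constructed sample mirroring the report: two resources, one AWS role.
	first := Iamrole{"role-a", "team1", "k8s-team1", "Ready"}
	second := Iamrole{"role-b", "team1", "k8s-team1", "RolesMaxLimitReached"}
	all := []Iamrole{first, second}
	for _, cr := range all {
		ok, why := SafeToDeleteRole(cr, all)
		fmt.Printf("delete %s -> remove AWS role: %v (%s)\n", cr.Name, ok, why)
	}
}
```

With the constructed sample, neither resource's deletion removes the AWS role while both exist; only a Ready resource that is the last one referencing the role is allowed to delete it.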