iam-manager
No protection from deleting role managed by two Iamroles
Is this a BUG REPORT or FEATURE REQUEST?:
A bit of both.
What happened:
I applied one Iamrole, which created the role in AWS. Then I applied a 2nd Iamrole w/ the same config but a different name. The 2nd Iamrole failed to apply with RolesMaxLimitReached. When I deleted the 2nd Iamrole, Keiko deleted the role in AWS. The original Iamrole went unhealthy with NoSuchEntity.
What you expected to happen:
I would have expected iam-manager to protect me from deleting the doubly-managed role, especially since the 2nd Iamrole never really "applied" the role - it had failed with a max limit error.
How to reproduce it (as minimally and precisely as possible):
Apply two Iamroles with the same config in the same namespace with different names. Make sure your per-namespace limit is 1.
Anything else we need to know?:
Environment:
- iam-manager version: v0.15.0
- Kubernetes version: 1.24
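
A sketch of the delete-time ownership guard this report asks for, added here as an example and not taken from iam-manager's code. The `Iamrole` struct, its field names, the `Ready` state value, the `ShouldDeleteAWSRole` helper and the `k8s-team1` role name are all assumptions made for illustration.

```go
package main

import "fmt"

// Iamrole is a simplified, hypothetical stand-in for the custom resource.
// Field names and the "Ready" state are assumptions, not iam-manager's types.
type Iamrole struct {
	Name, Namespace string
	RoleName        string // AWS role this resource maps to
	State           string // "Ready", or an error state such as "RolesMaxLimitReached"
	Deleting        bool   // deletion of this resource is in progress
}

// ShouldDeleteAWSRole decides, while handling deletion of cr, whether the
// backing AWS role may be removed. all is every Iamrole the controller sees.
func ShouldDeleteAWSRole(cr Iamrole, all []Iamrole) (bool, string) {
	// A resource that never reconciled successfully never owned the role.
	if cr.State != "Ready" {
		return false, "resource never reached Ready; it does not own the role"
	}
	for _, o := range all {
		if o.Namespace == cr.Namespace && o.Name == cr.Name {
			continue // skip the resource being deleted
		}
		// Another healthy, live resource still maps to the same AWS role.
		if o.RoleName == cr.RoleName && o.State == "Ready" && !o.Deleting {
			return false, "role still managed by " + o.Namespace + "/" + o.Name
		}
	}
	return true, "sole owner"
}

func main() {
	// Constructed sample mirroring the report: two resources, one AWS role.
	first := Iamrole{"role-a", "team1", "k8s-team1", "Ready", false}
	second := Iamrole{"role-b", "team1", "k8s-team1", "RolesMaxLimitReached", true}
	ok, why := ShouldDeleteAWSRole(second, []Iamrole{first, second})
	fmt.Println(ok, why)
}
```

With this guard, deleting the 2nd Iamrole from the report leaves the AWS role in place, because that resource never reached a healthy state.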