cluster-api-provider-aws icon indicating copy to clipboard operation
cluster-api-provider-aws copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

:seedling: Redefine managing IAM resources: Create and Delete

Open Atharva-Shinde opened this issue 10 months ago • 8 comments

What type of PR is this? /kind feature /area clusterawsadm

What this PR does / why we need it: Currently, CAPA manages prerequisites required by AWS through CloudFormation which has caused numerous issues to CAPA end-users. This PR works as a stepping stone in migrating away from the use of AWS CloudFormation and relying on service specific API calls to manage IAM resources and gradually make the process idempotent.

This PR introduces 2 new commands:

  1. clusterawsadm bootstrap iam create: creates IAM resources(roles, instances profiles and policies) from the bootstrap configuration file (uses default bootstrap configuration if not provided)
  2. clusterawsadm bootstrap iam delete deletes IAM resources(roles, instances profiles and policies) created using the bootstrap configuration file (uses default bootstrap configuration if not provided)

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #3715

Special notes for your reviewer: Screenshots:

Screenshot 2024-09-02 at 9 35 26 PM Screenshot 2024-09-02 at 9 37 03 PM

Checklist:

  • [ ] squashed commits
  • [ ] includes documentation
  • [ ] includes emojis
  • [ ] adds unit tests
  • [ ] adds or updates e2e tests

Release note:

Atharva-Shinde avatar Apr 04 '24 21:04 Atharva-Shinde

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Apr 04 '24 21:04 k8s-ci-robot

/assign @richardcase @Ankitasw

Atharva-Shinde avatar Apr 04 '24 21:04 Atharva-Shinde

@Atharva-Shinde Looks like there are CI failures here.

Would you mind taking a look at failures in linting and verifying in particular?

The linting job should have comments pointing at what to do in order to resolve the issue, such as this message about commenting or un-exporting a symbol.

nrb avatar Apr 29 '24 16:04 nrb

/retitle :seedling: Redefine managing IAM resources: Create and Delete

Updating the title should cause the PR verify job to pass.

nrb avatar Apr 29 '24 16:04 nrb

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from ankitasw. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot avatar Apr 30 '24 13:04 k8s-ci-robot

Thanks @nrb I've addressed the CI failures :)

Atharva-Shinde avatar Apr 30 '24 15:04 Atharva-Shinde

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Aug 30 '24 13:08 k8s-triage-robot

/remove-lifecycle stale

Atharva-Shinde avatar Sep 02 '24 16:09 Atharva-Shinde