overwrite route53 role trust policy in any case (#273)
Berk Dehrioglu authored Mar 13, 2024
1 parent 4255964 commit 962bc05
Showing 3 changed files with 14 additions and 4 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Changed

- Change trust policy attach logic to recreate it for Route53 role.

## [0.17.1] - 2024-03-12

### Fixed
12 changes: 9 additions & 3 deletions controllers/awsmachinetemplate_controller_test.go
Expand Up @@ -379,14 +379,20 @@ var _ = Describe("AWSMachineTemplateReconciler", func() {
// Implementation detail: instead of storing the ARN, the controller calls `GetRole` multiple times
// from different places. Remove once we don't do this anymore (hence the `MinTimes` call so we
// would notice).
/*mockIAMClient.EXPECT().GetRole(&iam.GetRoleInput{
mockIAMClient.EXPECT().GetRole(&iam.GetRoleInput{
RoleName: aws.String(info.ExpectedName),
}).MinTimes(1).Return(&iam.GetRoleOutput{
}).AnyTimes().Return(&iam.GetRoleOutput{
Role: &iam.Role{
Arn: aws.String(info.ReturnRoleArn),
Tags: expectedIAMTags,
},
}, nil)*/
}, nil)
if info.ExpectedName == externalDnsRoleInfo.ExpectedName || info.ExpectedName == certManagerRoleInfo.ExpectedName {
mockIAMClient.EXPECT().UpdateAssumeRolePolicy(&iam.UpdateAssumeRolePolicyInput{
PolicyDocument: aws.String(info.ExpectedAssumeRolePolicyDocument),
RoleName: aws.String(info.ExpectedName),
}).Return(&iam.UpdateAssumeRolePolicyOutput{}, nil)
}
mockIAMClient.EXPECT().GetRolePolicy(&iam.GetRolePolicyInput{
PolicyName: aws.String(info.ExpectedPolicyName),
RoleName: aws.String(info.ExpectedName),
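Review bot: The re-enabled `GetRole` expectation ends in `.AnyTimes()`, which is also satisfied by zero calls, yet the comment directly above it still refers to "the `MinTimes` call so we would notice"; either keep `.MinTimes(1)` or reword the comment so it matches what the test now enforces. The new `UpdateAssumeRolePolicy` expectation is set only when `info.ExpectedName` matches `externalDnsRoleInfo` or `certManagerRoleInfo`, and nothing in this hunk shows a case tied to the `Route53Role` type that the controller change in this commit adds, so it is worth confirming that one of these fixtures actually exercises that path. Since this expectation pins the exact trust policy document written to IAM, a one-line comment such as `// trust policy must be rewritten with exactly this document` would make that intent explicit. The enclosing `Describe` block starts and ends outside the hunk.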
2 changes: 1 addition & 1 deletion pkg/iam/iam.go
Expand Up @@ -215,7 +215,7 @@ func (s *IAMService) reconcileRole(roleName string, roleType string, params inte
return err
}

if s.roleType == IRSARole || s.roleType == CertManagerRole {
if roleType == IRSARole || roleType == CertManagerRole || roleType == Route53Role {
if err = s.applyAssumePolicyRole(roleName, roleType, params); err != nil {
l.Error(err, "Failed to apply assume role policy to role")
return err
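Review bot: The condition now makes `applyAssumePolicyRole` run for `Route53Role` as well, and per the commit title the trust policy is overwritten "in any case", but nothing at the call site says so; because this document decides which principals can assume the role, add a comment such as `// Always rewrite the trust policy for these role types; out-of-band edits are reverted.` The check also moved from `s.roleType` to the `roleType` parameter, so if the two can differ for any caller, the set of roles whose trust policy is rewritten changes beyond Route53; that cannot be confirmed from this hunk because `reconcileRole` starts and ends outside it. With three role types in the condition, a `switch roleType` or a small helper would keep the list in one place as it grows.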
