Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ecs-resource-agent: added field for existing profile #555

Merged
merged 1 commit into from
Sep 9, 2022
Merged

ecs-resource-agent: added field for existing profile #555

merged 1 commit into from
Sep 9, 2022

Conversation

mjsterckx
Copy link
Contributor

Added field for existing IAM profile to the CRD and code to check if the field contains a value: if so, retrieves the ARN of the submitted profile instead of the default one.

Issue number:

#379

Description of changes:

Added a field to the ecs-resource-agent CRD where a user can enter the name of an existing IAM instance profile. This allows cluster creation without IAM role creation permissions. The ecs-provider code will check if the field is used, and if so, attempt to retrieve the ARN of the submitted profile instead of the default one. If this is unsuccessful (because, for example, the profile does not exist), the ECS creation throws an error.

Testing done:

  • Ran ECS test without the field: everything ran exactly like before the changes
  • Ran ECS test with a profile name that does not exist:
    Provider error: An error occurred but no resources were left behind, The iam instance profile name was not found.: An error left resources behind that can be destroyed, Unable to get instance profile.: NoSuchEntityException: Instance Profile does-not-exist cannot be found.
  • Ran ECS test with a profile name that does exist: everything ran exactly like before the changes

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@mjsterckx mjsterckx marked this pull request as ready for review September 8, 2022 21:19
etungsten
etungsten reviewed Sep 9, 2022
View reviewed changes
bottlerocket/testsys/src/run_aws_ecs.rs Outdated Show resolved Hide resolved
bottlerocket/types/src/agent_config.rs Outdated Show resolved Hide resolved
@mjsterckx
ecs-resource-agent: added field for existing profile
0900c57 
Added field for existing IAM profile to the CRD and code to check
if the field contains a value: if so, retrieves the ARN of the
submitted profile instead of the default one.
@mjsterckx mjsterckx merged commit 8ac5a18 into bottlerocket-os:develop Sep 9, 2022
@mjsterckx mjsterckx deleted the ecs_iam_create_role branch September 9, 2022 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@etungsten etungsten etungsten approved these changes

@ecpullen ecpullen ecpullen approved these changes

@jpmcb jpmcb Awaiting requested review from jpmcb

@stmcginnis stmcginnis Awaiting requested review from stmcginnis

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mjsterckx @ecpullen @etungsten