From 36f9aabf60969645472f15c4cf432ea0a2878b66 Mon Sep 17 00:00:00 2001
From: Jonathan Innis <joinnis@amazon.com>
Date: Thu, 15 Jun 2023 10:43:15 -0700
Subject: [PATCH] Add sed replacement for GHA

---
 .github/actions/e2e/create-cluster/action.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/actions/e2e/create-cluster/action.yaml b/.github/actions/e2e/create-cluster/action.yaml
index 7c75b920425d..790ed41b78d4 100644
--- a/.github/actions/e2e/create-cluster/action.yaml
+++ b/.github/actions/e2e/create-cluster/action.yaml
@@ -49,6 +49,14 @@ runs:
       # Update the Cloudformation policy to add the permissionBoundary to the NodeRole
       yq -i '.Resources.KarpenterNodeRole.Properties.PermissionsBoundary="arn:aws:iam::${{ inputs.account_id }}:policy/GithubActionsPermissionsBoundary"' $CLOUDFORMATION_PATH
       
+      # Iterate through the policy and add more permissive tagging for tests to succeed
+      # There are various tests that add more tags than are permitted by the default policy
+      EXTRA_TAGS=""
+      for TAG in "TestTag" "example.com\/tag" "custom-tag" "custom-tag2"; do
+        EXTRA_TAGS="$EXTRA_TAGS\n                    \"$TAG\","
+      done
+      sed -i "s/\"aws:TagKeys\": \[/\"aws:TagKeys\": \[$EXTRA_TAGS/" "$CLOUDFORMATION_PATH"
+      
       aws iam create-service-linked-role --aws-service-name spot.amazonaws.com || true
       aws cloudformation deploy \
         --stack-name iam-${{ inputs.cluster_name }} \