feat:add new support for permission boundry #19

Open: bulka1 wants to merge 3 commits into base: master

bulka1 commented Sep 4, 2023

Description

This change adds an option to add a permission boundary policy when creating the irsa rule.

Type of change

  • A bug fix (PR prefix fix)
  • A new feature (PR prefix feat)
  • A code change that neither fixes a bug nor adds a feature (PR prefix refactor)
  • Adding missing tests or correcting existing tests (PR prefix test)
  • Changes that do not affect the meaning of the code like white-spaces, formatting, missing semi-colons, etc. (PR prefix style)
  • Changes to our CI configuration files and scripts (PR prefix ci)
  • Documentation only changes (PR prefix docs)

How Has This Been Tested?

bulka1 (Author) commented Sep 4, 2023

fixes #18

bulka1 changed the title from "add new support for permission boundry" to "feat:add new support for permission boundry" on Sep 4, 2023
jaygridley requested a review from dojci on September 15, 2023 07:47

jaygridley (Member) commented:

@dojci Could you please have a look at this?

dojci requested review from katapultcloud and removed request for dojci on January 23, 2024 21:25

katapultcloud left a comment

I've added some comments and when these are resolved we can merge this.

count = local.irsa_role_create ? 1 : 0
name = "${var.irsa_role_name_prefix}-${var.helm_chart_name}" # tflint-ignore: aws_iam_role_invalid_name
assume_role_policy = data.aws_iam_policy_document.this_irsa[0].json
permissions_boundary = var.irsa_permissions_boundary
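
Review bot: on the added `permissions_boundary = var.irsa_permissions_boundary` line the variable is passed to the role as-is, so whatever the caller leaves unset arrives at the argument too. If the variable can be an empty string, map that to `null` (for example `var.irsa_permissions_boundary != "" ? var.irsa_permissions_boundary : null`) or default the variable to `null`, so the argument is omitted when no boundary is wanted instead of being sent empty. The argument takes the ARN of the boundary policy, so a short comment on this line saying so would help reviewers check that callers pass an ARN and not a policy name.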

When permission boundary is empty, tflint is failing. It needs to be ignored with the comment:

# tflint-ignore: aws_iam_role_invalid_permissions_boundary

@@ -129,6 +129,12 @@ variable "irsa_tags" {
description = "IRSA resources tags"
}

variable "irsa_permissions_boundary" {
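
Review bot: for the new `variable "irsa_permissions_boundary"` block only the opening line is visible here, so please confirm the body declares `type = string`, a `description` stating that the value is the ARN of the permissions boundary policy, and a `default` of `null` so callers who do not set it get no boundary argument instead of an empty one. A `validation` block that accepts `null` or a string beginning with `arn:` would catch a policy name passed by mistake at plan time.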

When adding new variables, make sure to run terraform-docs so README.md is adjusted along with the Terraform changes.

terraform-docs markdown table --output-file README.md --output-mode inject .

Successfully merging this pull request may close these issues.

feature: add support for permission boundry when creating an irsa role
4 participants