Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix make build; set IAM policy following read/modify/write #2751

Merged
merged 2 commits into from
Mar 21, 2019
Merged

fix make build; set IAM policy following read/modify/write #2751

merged 2 commits into from
Mar 21, 2019

Conversation

kunmingg
Copy link
Contributor

@kunmingg kunmingg commented Mar 20, 2019
edited by jlewi
Loading

  1. go binary need to import k8s 1.13.4 (kustomize) and 1.10.4 (ksonnet)
  2. set IAM policy need to follow read/modify/write mode

This change is Reviewable

@kunmingg kunmingg requested review from kkasravi and gabrielwen March 20, 2019 22:55
kkasravi
kkasravi approved these changes Mar 20, 2019
View reviewed changes
Copy link
Contributor

@kkasravi kkasravi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would also change the Makefile from

build-bootstrap: generate fmt vet

to

build-bootstrap: /tmp/v2 deepcopy generate fmt vet

otherwise lgtm

@kkasravi
Copy link
Contributor

/lgtm

gabrielwen
gabrielwen reviewed Mar 20, 2019
View reviewed changes
Copy link
Contributor

@gabrielwen gabrielwen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 10 files at r1.
Reviewable status: 3 of 10 files reviewed, 3 unresolved discussions (waiting on @abhi-g, @ellis-bigelow, @gabrielwen, and @kunmingg)

bootstrap/cmd/bootstrap/app/gcpUtils.go, line 145 at r1 (raw file):

// Clear existing bindings for auto-generated service accounts of current deployment.
// Those bindings could be leftover from previous actions.
func ClearServiceAccountpolicy(currentPolicy *cloudresourcemanager.Policy, req ApplyIamRequest) {

nit: ClearServiceAccountPolicy

bootstrap/cmd/bootstrap/app/gcpUtils.go, line 147 at r1 (raw file):

func ClearServiceAccountpolicy(currentPolicy *cloudresourcemanager.Policy, req ApplyIamRequest) {
	serviceAccounts := map[string]bool{
		fmt.Sprintf("serviceAccount:%v-admin@%v.iam.gserviceaccount.com", req.Cluster, req.Project): true,

move this function to here and use it?

kubeflow/bootstrap/pkg/kfapp/gcp/gcp.go

Line 126 in b066e07

func getSA(name string, nameSuffix string, project string) string {

bootstrap/cmd/bootstrap/app/gcpUtils_test.go, line 45 at r1 (raw file):

					},
				},
				Etag: "NeedPreserve",
  1. why adding this field?
  2. could we use enum or consts instead of random appeared strings?

@k8s-ci-robot k8s-ci-robot removed the lgtm label Mar 20, 2019
kunmingg
kunmingg commented Mar 20, 2019
View reviewed changes
Copy link
Contributor Author

@kunmingg kunmingg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 3 of 11 files reviewed, 2 unresolved discussions (waiting on @abhi-g, @ellis-bigelow, @gabrielwen, and @kunmingg)

bootstrap/cmd/bootstrap/app/gcpUtils.go, line 145 at r1 (raw file):

Previously, gabrielwen (Hung-Ting Wen) wrote…

nit: ClearServiceAccountPolicy

Done

bootstrap/cmd/bootstrap/app/gcpUtils.go, line 147 at r1 (raw file):

Previously, gabrielwen (Hung-Ting Wen) wrote…

move this function to here and use it?

kubeflow/bootstrap/pkg/kfapp/gcp/gcp.go

Line 126 in b066e07

func getSA(name string, nameSuffix string, project string) string {

Will do in followup RPs

bootstrap/cmd/bootstrap/app/gcpUtils_test.go, line 45 at r1 (raw file):

Previously, gabrielwen (Hung-Ting Wen) wrote…
  1. why adding this field?
  2. could we use enum or consts instead of random appeared strings?

Adding it to test to make sure we won't accidentally delete Etag.
Updated.

@kunmingg
Copy link
Contributor Author

updated

@gabrielwen
Copy link
Contributor

/lgtm

@kunmingg
Copy link
Contributor Author

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kunmingg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit db69d52 into kubeflow:master Mar 21, 2019
@kunmingg kunmingg deleted the iamrmw branch March 22, 2019 23:38
saffaalvi pushed a commit to StatCan/kubeflow that referenced this pull request Feb 11, 2021
@kunmingg @k8s-ci-robot
fix make build; set IAM policy following read/modify/write (kubeflow#…
446f330 
…2751)

* fix make build; set IAM policy following read/modify/write

* address comments
saffaalvi pushed a commit to StatCan/kubeflow that referenced this pull request Feb 12, 2021
@kunmingg @k8s-ci-robot
fix make build; set IAM policy following read/modify/write (kubeflow#…
89f9c5a 
…2751)

* fix make build; set IAM policy following read/modify/write

* address comments
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gabrielwen gabrielwen gabrielwen left review comments

@kkasravi kkasravi kkasravi approved these changes

@abhi-g abhi-g Awaiting requested review from abhi-g

@ellistarn ellistarn Awaiting requested review from ellistarn

Assignees

@kkasravi kkasravi

@gabrielwen gabrielwen

Labels
approved cla: yes lgtm size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kunmingg @kkasravi @gabrielwen @k8s-ci-robot @googlebot