Merge pull request #2660 from hunterkepley/ocm-12828-1
OCM-12828 | fix: Do not print create policy commands more than once op roles
openshift-merge-bot[bot] authored Dec 2, 2024
2 parents 37f81bb + ea41336 commit dcd493e
Showing 1 changed file with 33 additions and 28 deletions.
61 changes: 33 additions & 28 deletions cmd/create/operatorroles/by_prefix.go
Expand Up @@ -428,6 +428,8 @@ func buildCommandsFromPrefix(r *rosa.Runtime, env string,
}

isSharedVpc := sharedVpcRoleArn != ""
var policyDetails = make(map[string]roles.ManualSharedVpcPolicyDetails)

commands := []string{}

for credrequest, operator := range credRequests {
Expand Down Expand Up @@ -529,52 +531,55 @@ func buildCommandsFromPrefix(r *rosa.Runtime, env string,

// Precreate HCP shared VPC policies for less memory usage + time to execute
// Shared VPC role arn (route53)
var policyDetails = make(map[string]roles.ManualSharedVpcPolicyDetails)
exists, createPolicyCommand, policyName, err := roles.GetHcpSharedVpcPolicyDetails(r, sharedVpcRoleArn)
if err != nil {
return "", err
}
policyDetails[aws.IngressOperatorCloudCredentialsRoleType] = roles.ManualSharedVpcPolicyDetails{
Command: createPolicyCommand,
Name: policyName,
AlreadyExists: exists,
if _, ok := policyDetails[aws.IngressOperatorCloudCredentialsRoleType]; !ok {
exists, createPolicyCommand, policyName, err := roles.GetHcpSharedVpcPolicyDetails(r, sharedVpcRoleArn)
if err != nil {
return "", err
}
policyDetails[aws.IngressOperatorCloudCredentialsRoleType] = roles.ManualSharedVpcPolicyDetails{
Command: createPolicyCommand,
Name: policyName,
AlreadyExists: exists,
}
}
// VPC endpoint role arn
exists, createPolicyCommand, policyName, err = roles.GetHcpSharedVpcPolicyDetails(r, vpcEndpointRoleArn)
if err != nil {
return "", err
}
if _, ok := policyDetails[aws.ControlPlaneCloudCredentialsRoleType]; !ok {

exists, createPolicyCommand, policyName, err := roles.GetHcpSharedVpcPolicyDetails(r, vpcEndpointRoleArn)
if err != nil {
return "", err
}

policyDetails[aws.ControlPlaneCloudCredentialsRoleType] = roles.ManualSharedVpcPolicyDetails{
Command: createPolicyCommand,
Name: policyName,
AlreadyExists: exists,
policyDetails[aws.ControlPlaneCloudCredentialsRoleType] = roles.ManualSharedVpcPolicyDetails{
Command: createPolicyCommand,
Name: policyName,
AlreadyExists: exists,
}
}

var policies []string

// Attach HCP shared VPC policies
switch credrequest {
case aws.IngressOperatorCloudCredentialsRoleType:
policies = append(policies, policyDetails[credrequest].Name)
if !policyDetails[credrequest].AlreadyExists { // Skip creation if already exists
policyCommands = append(policyCommands, policyDetails[credrequest].Command)
// Allow only one creation command for this policy to be printed
if details, ok := policyDetails[credrequest]; ok {
if details, ok := policyDetails[credrequest]; ok {
policies = append(policies, policyDetails[credrequest].Name)
if !policyDetails[credrequest].AlreadyExists { // Skip creation if already exists
policyCommands = append(policyCommands, policyDetails[credrequest].Command)
// Allow only one creation command for this policy to be printed
details.AlreadyExists = true
policyDetails[credrequest] = details
}
}
case aws.ControlPlaneCloudCredentialsRoleType:
for i, details := range policyDetails {
policies = append(policies, details.Name)
if details.AlreadyExists { // Skip creation if already exists
continue
if !details.AlreadyExists {
policyCommands = append(policyCommands, details.Command)
// Allow only one creation command for this policy to be printed
details.AlreadyExists = true
policyDetails[i] = details
}
policyCommands = append(policyCommands, details.Command)
// Allow only one creation command for this policy to be printed
details.AlreadyExists = true
policyDetails[i] = details
}
}
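Review bot: In the `aws.ControlPlaneCloudCredentialsRoleType` case the loop `for i, details := range policyDetails` walks a Go map, so the order of the names appended to `policies` and of the commands appended to `policyCommands` can differ between runs, and the control-plane role is attached to whatever the map holds at that point. Now that `policyDetails` is declared once before the `credRequests` loop and lives for the whole call, an explicit key list would keep the printed IAM commands reproducible for review and pin the attachment set: `for _, key := range []string{aws.IngressOperatorCloudCredentialsRoleType, aws.ControlPlaneCloudCredentialsRoleType} {` with `details := policyDetails[key]` and `policyDetails[key] = details` in the body. In the ingress case the lookup result `details` is bound but the next lines still read `policyDetails[credrequest].Name` and `.AlreadyExists`; using `details.Name` and `details.AlreadyExists` would match the control-plane branch. buildCommandsFromPrefix starts and ends outside the visible hunks, so whether the pre-create block runs only when `isSharedVpc` is true cannot be confirmed from here.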
