Skip to content

Commit

Permalink
Merge pull request openshift#2152 from marcolan018/ocm-8648
Browse files Browse the repository at this point in the history
OCM-8648 | feat: handle 412 response in upgrade commands
  • Loading branch information
openshift-merge-bot[bot] authored Jun 7, 2024
2 parents 03a121c + acc39f6 commit 68d23f6
Showing 1 changed file with 43 additions and 10 deletions.
53 changes: 43 additions & 10 deletions cmd/upgrade/roles/cmd.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,8 @@ const (
clusterVersionFlag = "cluster-version"
policyVersionFlag = "policy-version"
channelGroupFlag = "channel-group"

ArbitraryPolicyNotAvail = "STS arbitrary policies feature is currently not available"
)

func init() {
Expand Down Expand Up @@ -267,15 +269,24 @@ func run(cmd *cobra.Command, argv []string) {

rolePolicyBindings, err := ocmClient.ListRolePolicyBindings(cluster.ID(), true)
if err != nil {
reporter.Errorf("Failed to get rolePolicyBinding: %s", err)
os.Exit(1)
if strings.Contains(err.Error(), ArbitraryPolicyNotAvail) {
reporter.Debugf(err.Error())
} else {
reporter.Errorf("Failed to get rolePolicyBinding: %s", err)
os.Exit(1)
}
} else {
err = rolepolicybindings.CheckRolePolicyBindingStatus(rolePolicyBindings)
if err != nil {
reporter.Errorf("Error in rolePolicyBinding: %s", err)
os.Exit(1)
}
}
err = rolepolicybindings.CheckRolePolicyBindingStatus(rolePolicyBindings)
if err != nil {
reporter.Errorf("Error in rolePolicyBinding: %s", err)
os.Exit(1)

rolePolicyDetails := map[string][]aws.PolicyDetail{}
if rolePolicyBindings != nil {
rolePolicyDetails = rolepolicybindings.TransformToRolePolicyDetails(rolePolicyBindings)
}
rolePolicyDetails := rolepolicybindings.TransformToRolePolicyDetails(rolePolicyBindings)

if !isUpgradeNeedForAccountRolePolicies {
reporter.Infof("Account roles/policies for cluster '%s' are already up-to-date.", r.ClusterKey)
Expand Down Expand Up @@ -475,11 +486,18 @@ func run(cmd *cobra.Command, argv []string) {
}
}

if isUpgradeNeedForAccountRolePolicies && mode == interactive.ModeAuto || isOperatorPolicyUpgradeNeeded {
if rolePolicyBindings != nil && isUpgradeNeedForAccountRolePolicies &&
mode == interactive.ModeAuto || isOperatorPolicyUpgradeNeeded {
newRolePolicyBindings, err := ocmClient.ListRolePolicyBindings(cluster.ID(), true)
if err != nil {
reporter.Warnf("Failed to get rolePolicyBindings after upgrade." +
" Please ensure that the required policies are attached to the upgraded roles.")
if strings.Contains(err.Error(), ArbitraryPolicyNotAvail) {
reporter.Warnf(
"%s. Please ensure that the required policies are attached to the upgraded roles.",
ArbitraryPolicyNotAvail)
} else {
reporter.Warnf("Failed to get rolePolicyBindings after upgrade." +
" Please ensure that the required policies are attached to the upgraded roles.")
}
} else {
output, isPolicyMissed := rolepolicybindings.CheckMissingRolePolicyBindings(rolePolicyBindings,
newRolePolicyBindings)
Expand Down Expand Up @@ -522,6 +540,14 @@ func handleAccountRolePolicyARN(
accountID string,
policiesDetails []aws.PolicyDetail,
) (string, error) {
var err error
if policiesDetails == nil {
policiesDetails, err = awsClient.GetAttachedPolicy(&roleName)
if err != nil {
return "", err
}
}

attachedPoliciesDetail := aws.FindAllAttachedPolicyDetails(policiesDetails)

generatedPolicyARN := aws.GetPolicyARN(partition, accountID, roleName, rolePath)
Expand Down Expand Up @@ -949,6 +975,13 @@ func handleOperatorRolePolicyARN(
accountID string,
policiesDetails []aws.PolicyDetail,
) (string, error) {
var err error
if policiesDetails == nil {
policiesDetails, err = awsClient.GetAttachedPolicy(&operatorRoleName)
if err != nil {
return "", err
}
}
generatedPolicyARN := aws.GetOperatorPolicyARN(
partition,
accountID,
Expand Down

0 comments on commit 68d23f6

Please sign in to comment.