Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PolicyDocument.Statement[].Resource not allowing single element #15

Open
mnkg561 opened this issue Jan 24, 2020 · 0 comments
Open

PolicyDocument.Statement[].Resource not allowing single element #15

mnkg561 opened this issue Jan 24, 2020 · 0 comments
Labels
bug Something isn't working

Comments

@mnkg561
Copy link
Contributor

mnkg561 commented Jan 24, 2020

Is this a BUG REPORT or FEATURE REQUEST?:
BUG REPORT

What happened:
AWS IAM Policy has a field Resource which can be single element or multiple elements(or array). iam-manager can unmarshal only if it is an array as Resource defined it as an array in the element.

What you expected to happen:
iam-manager must accept single element for Resource field along with array in the yaml file.

How to reproduce it (as minimally and precisely as possible):
create a role with Resource field having single element and you should see following error

mtvl15367e28a:playerdb nmogulla$ k apply -f /Users/nmogulla/Desktop/Eclipse_Workspace/GoProjects2/src/github.com/keikoproj/iam-manager/config/samples/iammanager_v1alpha1_iamrole.yaml
Error from server (InternalError): error when creating "/Users/nmogulla/Desktop/Eclipse_Workspace/GoProjects2/src/github.com/keikoproj/iam-manager/config/samples/iammanager_v1alpha1_iamrole.yaml": Internal error occurred: admission webhook "miamrole.kb.io" denied the request: v1alpha1.Iamrole.Spec: v1alpha1.IamroleSpec.PolicyDocument: v1alpha1.PolicyDocument.Statement: []v1alpha1.Statement: v1alpha1.Statement.Resource: []string: decode slice: expect [ or n, but found ", error found in #10 byte of ...|esource":"*"},{"Acti|..., bigger context ...|":["sts:AssumeRole"],"Effect":"Allow","Resource":"*"},{"Action":["ec2:Describe*"],"Effect":"Allow","|...
mtvl15367e28a:playerdb nmogulla$

Anything else we need to know?:

Environment:

  • iam-manager version
  • Kubernetes version :
$ kubectl version -o yaml

Other debugging information (if applicable):

- controller logs:

$ kubectl logs

@mnkg561 mnkg561 added the bug Something isn't working label Jan 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mnkg561