SPLAT-1844: added step to report iam used by AWS job #58651
Conversation
|
@mtulio: This pull request references SPLAT-1844 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-reference
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
openshift-ci
bot
added
the
do-not-merge/invalid-owners-file
|
@mtulio: This pull request references SPLAT-1844 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-perms-discovery |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
f95f0b7 to
5709c35
Compare
|
fixed the logic to prevent reaching installer flag that is not yet delivered. /pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-perms-discovery |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
2 times, most recently
from
b46630b to
6a4195f
Compare
openshift-ci
bot
removed
the
do-not-merge/invalid-owners-file
|
fixed the IAM create user step to prevent skipping when the policy file is not set - this workflow expect to skip the policy creation when using the managed one /pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-perms-discovery |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
6a4195f to
ab083f8
Compare
|
/pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-perms-discovery |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
2 times, most recently
from
693c9a4 to
5cbb75a
Compare
|
/pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-perms-discovery |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
5cbb75a to
8c21511
Compare
For some reason the global vars CLUSTER_NAME isn't set in gather step. Setting it in initial steps to be reused by gather: /pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-perms-discovery |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-perms-discovery |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
8c21511 to
f2789fa
Compare
|
Trying to ensure CLUSTER_NAME from shared dir: /pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-perms-discovery |
|
Added the exception of identifying cases in the policy name and report it in the diff section, allowing reviewers to identifying typos in the CredentialRequests. /pj-rehearse periodic-ci-openshift-release-master-nightly-4.18-e2e-aws-ovn-audit-perms |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/test all |
mtulio
changed the title
|
@mtulio: This pull request references SPLAT-1844 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
81c2c41 to
1347631
Compare
openshift-merge-robot
added
the
needs-rebase
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
1347631 to
c927a3b
Compare
openshift-merge-robot
removed
the
needs-rebase
|
/test all |
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
c927a3b to
244ae22
Compare
|
/test release-controller-config |
|
/test all |
| # TODO(mtulio): define where to save that cross-component tool to parse IAM events. | ||
| # This script must not be saved in component repo as it is intented to be used by cross | ||
| # repo on CI. | ||
| log_msg "Downloading cci (cloud credential insights) utility" | ||
| wget -qO $CCI https://raw.githubusercontent.com/openshift-splat-team/cloud-credentials-insights/refs/heads/devel-cci-aws/cci.py |
There was a problem hiding this comment.
merge this script to main branch before moving this job/step.
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
244ae22 to
bb52550
Compare
|
/test release-controller-config |
|
/test all |
This PR introduces a step `cloud-iam-access` to capture the audit logs from AWS, parse the events related to the CI periodic job `e2e-aws-ovn-audit-perms` - also introduced here, providing a overview comparing with the expected (requested by components).
mtulio
force-pushed
the
mvp-cloud-iam-access
branch
from
bb52550 to
d34d982
Compare
|
[REHEARSALNOTIFIER]
A total of 21963 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs. A full list of affected jobs can be found here Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
|
/pj-rehearse auto-ack |
|
@mtulio: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
@mtulio: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| # temp workaround for | ||
| # https://issues.redhat.com/browse/OCPBUGS-45218 | ||
| # https://issues.redhat.com/browse/OCPBUGS-46596 | ||
| echo "ec2:DescribeInstanceTypeOfferings" >> ${PERMISION_LIST} | ||
|
|
There was a problem hiding this comment.
Looks like this has been restored after rebsae.
|
/test all |
|
Issues in openshift/release go stale after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
the
lifecycle/stale
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
WIP MVP for https://issues.redhat.com/browse/SPLAT-1844
ci-operator/step-registry/gather/cloud-iam-access/aws/gather-cloud-iam-access-aws-commands.sh
This PR introduces a step to capture the audit logs from AWS, parse the events related to the CI job, and provide a overview comparing with the expected (requested by components).