Skip to content

🐛 Make print-policy consistent with print-cloudformation-template #5654

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 6, 2025
Merged

🐛 Make print-policy consistent with print-cloudformation-template #5654

merged 1 commit into from
Sep 6, 2025
+28 −60

Conversation

dlipovetsky
Copy link
Contributor

@dlipovetsky dlipovetsky commented Sep 6, 2025
edited
Loading

What type of PR is this?
/kind bug

What this PR does / why we need it:
Previously, print-policy claimed to output all policies, but in fact it missed some policies, because it did not use the code as print-cloudformation-template. This change makes print-policy use the same code, making it consistent.

Also, print-policy would not output valid JSON, but rather multiple, concatenated JSON documents. It now outputs all policies as a valid JSON object, where the keys are policy names, and the values are the policies.

Before:

> clusterawsadm bootstrap iam print-policy
AWSIAMManagedPolicyControllers {
...
}
AWSIAMManagedPolicyControllersEKS {
...
}
AWSIAMManagedPolicyCloudProviderControlPlane {
...
}

After

{
  "AWSIAMManagedPolicyCloudProviderControlPlane": {
...
  },
  "AWSIAMManagedPolicyCloudProviderNodes": {
...
  },
  "AWSIAMManagedPolicyControllers": {
...
  }
}

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #4339

Special notes for your reviewer:

Checklist:

  • squashed commits
  • includes documentation
  • includes emoji in title
  • adds unit tests
  • adds or updates e2e tests

Release note:

The clusterawsadm print-policy command now prints all the policies in the template generated by the print-cloudformation-template command, and when it outputs multiple policies, the output is valid JSON.

@dlipovetsky
🐛 Make print-policy consistent with print-cloudformation-template
cde8f38 
Previously, print-policy claimed to output all policies, but in fact it
missed some policies, because it did not use the code as
print-cloudformation-template. This change makes print-policy use the
same code, making it consistent.

Also, print-policy would not output valid JSON, but rather multiple,
concatenated JSON documents. It now outputs all policies as a valid JSON
object, where the keys are policy names, and the values are the
policies.
@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority labels Sep 6, 2025
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Sep 6, 2025
@richardcase
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 6, 2025
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: a5af1864f6082590300bf012e69e0bd2007906ce

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: richardcase

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 6, 2025
@k8s-ci-robot k8s-ci-robot merged commit 60649f3 into kubernetes-sigs:main Sep 6, 2025
26 checks passed
@dlipovetsky
Copy link
Contributor Author

/cherrypick release-2.9 release-2.8

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Sep 8, 2025
Merged
@k8s-infra-cherrypick-robot
Copy link

@dlipovetsky: new pull request created: #5658

In response to this:

/cherrypick release-2.9 release-2.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@dlipovetsky
Copy link
Contributor Author

/cherrypick release-2.8

@k8s-infra-cherrypick-robot
Copy link

@dlipovetsky: new pull request created: #5659

In response to this:

/cherrypick release-2.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Sep 8, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@faiq faiq Awaiting requested review from faiq

@fiunchinho fiunchinho Awaiting requested review from fiunchinho

Assignees

@richardcase richardcase

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SecretsManager actions in node IAM policy vs. CloudFormation template
4 participants
@dlipovetsky @richardcase @k8s-ci-robot @k8s-infra-cherrypick-robot