diff --git a/cmd/account/cli.go b/cmd/account/cli.go index 087dd739..8871a053 100644 --- a/cmd/account/cli.go +++ b/cmd/account/cli.go @@ -92,7 +92,7 @@ func (o *cliOptions) run() error { o.k8sclusterresourcefactory.AccountID, o.k8sclusterresourcefactory.Awscloudfactory.RoleName))) if err != nil { - klog.Error("Failed to assume BYOC role. Customer either deleted role or denied SREP access") + klog.Error("Failed to assume ManagedOpenShiftSupport role. Customer either deleted role or denied SREP access") return err } } diff --git a/cmd/account/console.go b/cmd/account/console.go index 51cf0ffd..4a206c95 100644 --- a/cmd/account/console.go +++ b/cmd/account/console.go @@ -83,7 +83,7 @@ func (o *consoleOptions) run() error { aws.String(o.k8sclusterresourcefactory.Awscloudfactory.SessionName), aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", o.k8sclusterresourcefactory.AccountID, o.k8sclusterresourcefactory.Awscloudfactory.RoleName))) if err != nil { - fmt.Fprintf(o.IOStreams.Out, "Generating console failed. If CCS cluster, customer removed or denied access to the BYOC role.") + fmt.Fprintf(o.IOStreams.Out, "Generating console failed. If CCS cluster, customer removed or denied access to the ManagedOpenShiftSupport role.") return err } fmt.Fprintf(o.IOStreams.Out, "The AWS Console URL is:\n%s\n", consoleURL) diff --git a/cmd/account/generate-secret.go b/cmd/account/generate-secret.go index 2fbd9b4c..01a4c13f 100644 --- a/cmd/account/generate-secret.go +++ b/cmd/account/generate-secret.go @@ -267,8 +267,8 @@ func (o *generateSecretOptions) generateCcsSecret() error { return err } - // Role chain to assume BYOCAdminAccessRole-{uid} - roleArn := aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", account.Spec.AwsAccountID, "BYOCAdminAccess-"+accountIDSuffixLabel)) + // Role chain to assume ManagedOpenShift-Support-{uid} + roleArn := aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", account.Spec.AwsAccountID, "ManagedOpenShift-Support-"+accountIDSuffixLabel)) credentials, err := awsprovider.GetAssumeRoleCredentials(srepRoleClient, aws.Int64(900), callerIdentityOutput.UserId, roleArn) if err != nil { diff --git a/cmd/account/rotate-secret.go b/cmd/account/rotate-secret.go index 22d5b610..95720816 100644 --- a/cmd/account/rotate-secret.go +++ b/cmd/account/rotate-secret.go @@ -141,8 +141,8 @@ func (o *rotateSecretOptions) run() error { return err } - // Role chain to assume BYOCAdminAccessRole-{uid} - roleArn := aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", accountID, "BYOCAdminAccess-"+accountIDSuffixLabel)) + // Role chain to assume ManagedOpenShift-Support-{uid} + roleArn := aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", accountID, "ManagedOpenShift-Support-"+accountIDSuffixLabel)) credentials, err = awsprovider.GetAssumeRoleCredentials(srepRoleClient, aws.Int64(900), callerIdentityOutput.UserId, roleArn) if err != nil { diff --git a/cmd/cluster/health.go b/cmd/cluster/health.go index b87500ee..96c3e4ca 100644 --- a/cmd/cluster/health.go +++ b/cmd/cluster/health.go @@ -148,7 +148,7 @@ func (o *healthOptions) run() error { o.k8sclusterresourcefactory.AccountID, o.k8sclusterresourcefactory.Awscloudfactory.RoleName))) if err != nil { - klog.Error("Failed to assume BYOC role. Customer either deleted role or denied SREP access.") + klog.Error("Failed to assume ManagedOpenShiftSupport role. Customer either deleted role or denied SREP access.") return err } } diff --git a/go.mod b/go.mod index b469d2b8..bbcb3088 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/openshift-online/ocm-sdk-go v0.1.204 github.com/openshift/api v3.9.1-0.20191111211345-a27ff30ebf09+incompatible github.com/openshift/aws-account-operator/pkg/apis v0.0.0-20210611151019-01b1df7a3e9e - github.com/openshift/gcp-project-operator v0.0.0-20210818135501-58ea50451037 + github.com/openshift/gcp-project-operator v0.0.0-20210906153132-ce9b2425f1a7 github.com/openshift/hive v1.0.5 github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4 github.com/pkg/errors v0.9.1 diff --git a/go.sum b/go.sum index fe6e95e7..090a411a 100644 --- a/go.sum +++ b/go.sum @@ -1882,8 +1882,8 @@ github.com/openshift/cluster-api-provider-openstack v0.0.0-20200526112135-319a35 github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20200504092944-27473ea1ae43/go.mod h1:Vl/bvZulLw6PdUADIFWGfoTWH1O4L1B80eN7BtLYEuo= github.com/openshift/cluster-autoscaler-operator v0.0.0-20190521201101-62768a6ba480/go.mod h1:/XmV44Fh28Vo3Ye93qFrxAbcFJ/Uy+7LPD+jGjmfJYc= github.com/openshift/cluster-version-operator v3.11.1-0.20190629164025-08cac1c02538+incompatible/go.mod h1:0BbpR1mrN0F2ZRae5N1XHcytmkvVPaeKgSQwRRBWugc= -github.com/openshift/gcp-project-operator v0.0.0-20210818135501-58ea50451037 h1:CJAy9YlhmToXZSJfQAK7VwBi8ueNEhZ4XvaH/oMAQ7E= -github.com/openshift/gcp-project-operator v0.0.0-20210818135501-58ea50451037/go.mod h1:uRHPXMMwiVBYQuU6LhPPxIPuviT2UCs5H+huZecOXfs= +github.com/openshift/gcp-project-operator v0.0.0-20210906153132-ce9b2425f1a7 h1:WMmBsiQxBGTKA2Lck4/aWzyNzoUqZrweBls3ugfNjI4= +github.com/openshift/gcp-project-operator v0.0.0-20210906153132-ce9b2425f1a7/go.mod h1:uRHPXMMwiVBYQuU6LhPPxIPuviT2UCs5H+huZecOXfs= github.com/openshift/generic-admission-server v1.14.0/go.mod h1:GD9KN/W4KxqRQGVMbqQHpHzb2XcQVvLCaBaSciqXvfM= github.com/openshift/hive v1.0.5 h1:QWqdPR2H+Hb4FqgBBeX7EkQrpf04SPm+re1BW5uki00= github.com/openshift/hive v1.0.5/go.mod h1:X2NIeZ7/2yXEXYPIgsKkLDmu3bFm+fnTn331uAR1QVE= diff --git a/pkg/k8s/clusterresourcefactory.go b/pkg/k8s/clusterresourcefactory.go index a2624fad..d44994cd 100644 --- a/pkg/k8s/clusterresourcefactory.go +++ b/pkg/k8s/clusterresourcefactory.go @@ -174,7 +174,7 @@ func (factory *ClusterResourceFactoryOptions) GetCloudProvider(verbose bool) (aw klog.Error("Unexpected error parsing the account CR suffix") return nil, fmt.Errorf("Unexpected error parsing the account CR suffix") } - factory.Awscloudfactory.RoleName = fmt.Sprintf("BYOCAdminAccess-%s", acctSuffix) + factory.Awscloudfactory.RoleName = fmt.Sprintf("ManagedOpenShift-Support-%s", acctSuffix) // Get STS Credentials if verbose {