Replace BYOC with ManagedOpenShiftSupportRole

Co-authored-by: Panagiotis Georgiadis <[email protected]>

cmd/account/cli.go

@@ -92,7 +92,7 @@ func (o *cliOptions) run() error {
 				o.k8sclusterresourcefactory.AccountID,
 				o.k8sclusterresourcefactory.Awscloudfactory.RoleName)))
 		if err != nil {
-			klog.Error("Failed to assume BYOC role. Customer either deleted role or denied SREP access")
+			klog.Error("Failed to assume ManagedOpenShiftSupport role. Customer either deleted role or denied SREP access")
 			return err
 		}
 	}

cmd/account/console.go

@@ -83,7 +83,7 @@ func (o *consoleOptions) run() error {
 		aws.String(o.k8sclusterresourcefactory.Awscloudfactory.SessionName), aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s",
 			o.k8sclusterresourcefactory.AccountID, o.k8sclusterresourcefactory.Awscloudfactory.RoleName)))
 	if err != nil {
-		fmt.Fprintf(o.IOStreams.Out, "Generating console failed. If CCS cluster, customer removed or denied access to the BYOC role.")
+		fmt.Fprintf(o.IOStreams.Out, "Generating console failed. If CCS cluster, customer removed or denied access to the ManagedOpenShiftSupport role.")
 		return err
 	}
 	fmt.Fprintf(o.IOStreams.Out, "The AWS Console URL is:\n%s\n", consoleURL)

cmd/account/generate-secret.go

@@ -267,8 +267,8 @@ func (o *generateSecretOptions) generateCcsSecret() error {
 		return err
 	}
 
-	// Role chain to assume BYOCAdminAccessRole-{uid}
-	roleArn := aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", account.Spec.AwsAccountID, "BYOCAdminAccess-"+accountIDSuffixLabel))
+	// Role chain to assume ManagedOpenShift-Support-{uid}
+	roleArn := aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", account.Spec.AwsAccountID, "ManagedOpenShift-Support-"+accountIDSuffixLabel))
 	credentials, err := awsprovider.GetAssumeRoleCredentials(srepRoleClient, aws.Int64(900),
 		callerIdentityOutput.UserId, roleArn)
 	if err != nil {

cmd/account/rotate-secret.go

@@ -141,8 +141,8 @@ func (o *rotateSecretOptions) run() error {
 			return err
 		}
 
-		// Role chain to assume BYOCAdminAccessRole-{uid}
-		roleArn := aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", accountID, "BYOCAdminAccess-"+accountIDSuffixLabel))
+		// Role chain to assume ManagedOpenShift-Support-{uid}
+		roleArn := aws.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", accountID, "ManagedOpenShift-Support-"+accountIDSuffixLabel))
 		credentials, err = awsprovider.GetAssumeRoleCredentials(srepRoleClient, aws.Int64(900),
 			callerIdentityOutput.UserId, roleArn)
 		if err != nil {

cmd/cluster/health.go

@@ -148,7 +148,7 @@ func (o *healthOptions) run() error {
 				o.k8sclusterresourcefactory.AccountID,
 				o.k8sclusterresourcefactory.Awscloudfactory.RoleName)))
 		if err != nil {
-			klog.Error("Failed to assume BYOC role. Customer either deleted role or denied SREP access.")
+			klog.Error("Failed to assume ManagedOpenShiftSupport role. Customer either deleted role or denied SREP access.")
 			return err
 		}
 	}

cmd/sts/policydiff.go

@@ -42,15 +42,15 @@ func newCmdPolicyDiff(streams genericclioptions.IOStreams, flags *genericcliopti
 		},
 	}
 
-	policyDiffCmd.Flags().StringVarP(&ops.oldReleaseVersion, "old-version", "o", "", "")
+	policyDiffCmd.Flags().StringVarP(&ops.oldReleaseVersion, "previous-version", "p", "", "")
 	policyDiffCmd.Flags().StringVarP(&ops.newReleaseVersion, "new-version", "n", "", "")
 
 	return policyDiffCmd
 }
 
 func (o *policyDiffOptions) complete(cmd *cobra.Command, args []string) error {
 	if len(args) != 2 {
-		return cmdutil.UsageErrorf(cmd, "Old and new release version is required for policy-diff command")
+		return cmdutil.UsageErrorf(cmd, "Previous and new release version is required for policy-diff command")
 	}
 
 	for _, s := range args {

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/openshift-online/ocm-sdk-go v0.1.204
 	github.com/openshift/api v3.9.1-0.20191111211345-a27ff30ebf09+incompatible
 	github.com/openshift/aws-account-operator/pkg/apis v0.0.0-20210611151019-01b1df7a3e9e
-	github.com/openshift/gcp-project-operator v0.0.0-20210818135501-58ea50451037
+	github.com/openshift/gcp-project-operator v0.0.0-20210906153132-ce9b2425f1a7
 	github.com/openshift/hive v1.0.5
 	github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4
 	github.com/pkg/errors v0.9.1

go.sum

@@ -1882,8 +1882,8 @@ github.com/openshift/cluster-api-provider-openstack v0.0.0-20200526112135-319a35
 github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20200504092944-27473ea1ae43/go.mod h1:Vl/bvZulLw6PdUADIFWGfoTWH1O4L1B80eN7BtLYEuo=
 github.com/openshift/cluster-autoscaler-operator v0.0.0-20190521201101-62768a6ba480/go.mod h1:/XmV44Fh28Vo3Ye93qFrxAbcFJ/Uy+7LPD+jGjmfJYc=
 github.com/openshift/cluster-version-operator v3.11.1-0.20190629164025-08cac1c02538+incompatible/go.mod h1:0BbpR1mrN0F2ZRae5N1XHcytmkvVPaeKgSQwRRBWugc=
-github.com/openshift/gcp-project-operator v0.0.0-20210818135501-58ea50451037 h1:CJAy9YlhmToXZSJfQAK7VwBi8ueNEhZ4XvaH/oMAQ7E=
-github.com/openshift/gcp-project-operator v0.0.0-20210818135501-58ea50451037/go.mod h1:uRHPXMMwiVBYQuU6LhPPxIPuviT2UCs5H+huZecOXfs=
+github.com/openshift/gcp-project-operator v0.0.0-20210906153132-ce9b2425f1a7 h1:WMmBsiQxBGTKA2Lck4/aWzyNzoUqZrweBls3ugfNjI4=
+github.com/openshift/gcp-project-operator v0.0.0-20210906153132-ce9b2425f1a7/go.mod h1:uRHPXMMwiVBYQuU6LhPPxIPuviT2UCs5H+huZecOXfs=
 github.com/openshift/generic-admission-server v1.14.0/go.mod h1:GD9KN/W4KxqRQGVMbqQHpHzb2XcQVvLCaBaSciqXvfM=
 github.com/openshift/hive v1.0.5 h1:QWqdPR2H+Hb4FqgBBeX7EkQrpf04SPm+re1BW5uki00=
 github.com/openshift/hive v1.0.5/go.mod h1:X2NIeZ7/2yXEXYPIgsKkLDmu3bFm+fnTn331uAR1QVE=

pkg/k8s/clusterresourcefactory.go

@@ -174,7 +174,7 @@ func (factory *ClusterResourceFactoryOptions) GetCloudProvider(verbose bool) (aw
 			klog.Error("Unexpected error parsing the account CR suffix")
 			return nil, fmt.Errorf("Unexpected error parsing the account CR suffix")
 		}
-		factory.Awscloudfactory.RoleName = fmt.Sprintf("BYOCAdminAccess-%s", acctSuffix)
+		factory.Awscloudfactory.RoleName = fmt.Sprintf("ManagedOpenShift-Support-%s", acctSuffix)
 
 		// Get STS Credentials
 		if verbose {