
Commit

OCM-13175 | fix: optional work role check for AmazonEC2ContainerRegis…
…tryReadOnly optional
philipwu08 committed Dec 18, 2024
1 parent 8396ed1 commit f54c5e5
Showing 1 changed file with 7 additions and 5 deletions.
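--- a/pkg/aws/policies.go
+++ b/pkg/aws/policies.go
@@ -2175,13 +2175,15 @@ func (c *awsClient) GetOperatorRoleDefaultPolicy(roleName string) (string, error
 
 func (c *awsClient) validateManagedPolicy(policies map[string]*cmv1.AWSSTSPolicy, policyKey string,
 roleName string) error {
+// EC2 policy is now returned from CS for all orgs. It is optional since it's only required
+// to create zero egress clusters
+if policyKey == WorkerEC2RegistryKey {
+c.logger.Infof("Ignored check for policy key '%s' (only required for zero egress enabled clusters)", policyKey)
+return nil
+}
+
 managedPolicyARN, err := GetManagedPolicyARN(policies, policyKey)
 if err != nil {
-// EC2 policy is only available to orgs for zero-egress feature toggle enabled
-if policyKey == WorkerEC2RegistryKey {
-c.logger.Infof("Ignored check for policy key '%s' (zero egress feature toggle is not enabled)", policyKey)
-return nil
-}
 return err
 }
 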
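Review bot: The early return added at the top of validateManagedPolicy skips the `WorkerEC2RegistryKey` check for every cluster, including the zero egress clusters for which the new comment says the policy is required. Before this change the skip applied only when `GetManagedPolicyARN` returned an error, so a policy present in `policies` still went through whatever validation follows; now a worker role that lacks the policy passes with only an Info-level log, and the gap would presumably surface later, at cluster creation or image pull time. The signature carries no zero-egress information, so either pass that in from the caller and skip only when it is false, or keep running the check and downgrade a failure for this key to a warning instead of returning nil up front. At minimum, record the gap where the skip happens, e.g. `// NOTE: not validated here even for zero egress clusters, where this policy is required; the caller must verify it.` The body of validateManagedPolicy continues past the end of the hunk, so the remaining validation steps are not visible here.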
