Merge pull request #45 from coveooss/fix/DEF-2460-log-out-of-sync-reason

Log the out-of-sync issues, so we can fix them
coveooss · Jan 31, 2024 · 1de9465 · 1de9465
2 parents bbf1b19 + aeea872
commit 1de9465
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -105,7 +105,7 @@ You can also test the operator locally in a minikube context.
 ```bash
 # Choose a specific ref and tag if needed
 REF=master
-TAG=0.7.0
+TAG=0.8.1
 
 cat <<EOF > kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1

diff --git a/kubernetes/auth-operator.yaml b/kubernetes/auth-operator.yaml
@@ -25,7 +25,7 @@ spec:
             - --verbose
             - --liveness=http://0.0.0.0:8080/healthz
             - --standalone
-          image: ghcr.io/coveooss/aws_auth_eks_crd:0.7.0
+          image: ghcr.io/coveooss/aws_auth_eks_crd:0.8.1
           imagePullPolicy: IfNotPresent
           name: operator
           ports:

diff --git a/kubernetes/kustomization.yaml b/kubernetes/kustomization.yaml
@@ -10,4 +10,4 @@ resources:
 images:
 - name: coveo/aws-auth-operator:0.1
   newName: ghcr.io/coveooss/aws_auth_eks_crd
-  newTag: 0.7.0
+  newTag: 0.8.1
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "aws_auth_eks_crd"
-version = "0.8.0"
+version = "0.8.1"
 description = "Operator to configure the aws-auth config map with IamIdentityMappings"
 readme = "README.md"
 repository = "https://github.com/coveooss/aws_auth_eks_crd"

diff --git a/src/kubernetes_operator/iam_mapping.py b/src/kubernetes_operator/iam_mapping.py
@@ -118,8 +118,17 @@ def check_synchronization() -> bool:
         identities_to_ignore = identities_to_ignore + environ.get("IGNORED_CM_IDENTITIES", "").split(",")
 
     identities_in_cm_set = set(identities_in_cm) - set(identities_to_ignore)
+    identities_in_crd_set = set(identities_in_crd)
+
+    if identities_in_cm_set != identities_in_crd_set:
+        logger.error(
+            "The aws-auth configmap and the IamIdentityMappings are out of sync.\n"
+            "The following users are in the aws-auth configmap but not in the IamIdentityMappings: %s\n"
+            "The following users are in the IamIdentityMappings but not in the aws-auth configmap: %s\n",
+            list(identities_in_cm_set - identities_in_crd_set),
+            list(identities_in_crd_set - identities_in_cm_set),
+        )
 
-    if identities_in_cm_set != set(identities_in_crd):
         # Raise exception to make the monitoring probe fail
         raise RuntimeError("monitoring check result : out-of-sync")