From aeea872655e264a07723b22698c8d35e196cef8e Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lachance Date: Wed, 31 Jan 2024 11:31:13 -0500 Subject: [PATCH] Log the out-of-sync issues, so we can fix them * Log the out-of-sync issues, so we can fix them J:DEF-2460 --- README.md | 2 +- kubernetes/auth-operator.yaml | 2 +- kubernetes/kustomization.yaml | 2 +- pyproject.toml | 2 +- src/kubernetes_operator/iam_mapping.py | 11 ++++++++++- 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5733a39..2f4c770 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ You can also test the operator locally in a minikube context. ```bash # Choose a specific ref and tag if needed REF=master -TAG=0.7.0 +TAG=0.8.1 cat < kustomization.yaml apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/kubernetes/auth-operator.yaml b/kubernetes/auth-operator.yaml index 9f2edf8..834d5fa 100644 --- a/kubernetes/auth-operator.yaml +++ b/kubernetes/auth-operator.yaml @@ -25,7 +25,7 @@ spec: - --verbose - --liveness=http://0.0.0.0:8080/healthz - --standalone - image: ghcr.io/coveooss/aws_auth_eks_crd:0.7.0 + image: ghcr.io/coveooss/aws_auth_eks_crd:0.8.1 imagePullPolicy: IfNotPresent name: operator ports: diff --git a/kubernetes/kustomization.yaml b/kubernetes/kustomization.yaml index fa318c9..ff9bfd6 100644 --- a/kubernetes/kustomization.yaml +++ b/kubernetes/kustomization.yaml @@ -10,4 +10,4 @@ resources: images: - name: coveo/aws-auth-operator:0.1 newName: ghcr.io/coveooss/aws_auth_eks_crd - newTag: 0.7.0 + newTag: 0.8.1 diff --git a/pyproject.toml b/pyproject.toml index 8c7bb11..90a1f8f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "aws_auth_eks_crd" -version = "0.8.0" +version = "0.8.1" description = "Operator to configure the aws-auth config map with IamIdentityMappings" readme = "README.md" repository = "https://github.com/coveooss/aws_auth_eks_crd" diff --git a/src/kubernetes_operator/iam_mapping.py b/src/kubernetes_operator/iam_mapping.py index f44ab92..2f9241d 100644 --- a/src/kubernetes_operator/iam_mapping.py +++ b/src/kubernetes_operator/iam_mapping.py @@ -118,8 +118,17 @@ def check_synchronization() -> bool: identities_to_ignore = identities_to_ignore + environ.get("IGNORED_CM_IDENTITIES", "").split(",") identities_in_cm_set = set(identities_in_cm) - set(identities_to_ignore) + identities_in_crd_set = set(identities_in_crd) + + if identities_in_cm_set != identities_in_crd_set: + logger.error( + "The aws-auth configmap and the IamIdentityMappings are out of sync.\n" + "The following users are in the aws-auth configmap but not in the IamIdentityMappings: %s\n" + "The following users are in the IamIdentityMappings but not in the aws-auth configmap: %s\n", + list(identities_in_cm_set - identities_in_crd_set), + list(identities_in_crd_set - identities_in_cm_set), + ) - if identities_in_cm_set != set(identities_in_crd): # Raise exception to make the monitoring probe fail raise RuntimeError("monitoring check result : out-of-sync")