Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

terraform: add missing policies for AWS ALB #3063

Merged
merged 4 commits into from
May 10, 2024
Merged

terraform: add missing policies for AWS ALB #3063

merged 4 commits into from
May 10, 2024

Conversation

burgerdev
Copy link
Contributor

@burgerdev burgerdev commented May 3, 2024
edited
Loading

Context

Node role permissions are currently handcrafted to allow the set of use cases we identified so far. We did not consider the use of AWS LBC as an Ingress provisioner, though, and thus never checked whether the policies are sufficient.

Proposed change(s)

  • Apply the recommended policy.
  • Add a test to ensure ALB Ingresses can be created.
  • Document considerations for using ALB Ingress with Constellation.

Related issue

Checklist

@burgerdev burgerdev added bug fix Fixing a bug needs backport This PR needs to be backported to a previous release labels May 3, 2024
@burgerdev burgerdev added this to the v2.17.0 milestone May 3, 2024
@netlify Netlify
Copy link

netlify bot commented May 3, 2024
edited
Loading

Deploy Preview for constellation-docs ready!

Name Link
🔨 Latest commit 8704da6
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/6638c37b5484c90008d41318
😎 Deploy Preview https://deploy-preview-3063--constellation-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@burgerdev burgerdev requested review from 3u13r and msanft May 6, 2024 14:07
@burgerdev burgerdev marked this pull request as ready for review May 6, 2024 14:07
@burgerdev burgerdev requested a review from thomasten as a code owner May 6, 2024 14:07
msanft
msanft reviewed May 6, 2024
View reviewed changes
Copy link
Contributor

@msanft msanft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Policy and E2E test LGTM, but I lack the proficiency in this area to give a meaningful review. So @3u13r should probably double-check before merging.

docs/docs/workflows/lb.md Show resolved Hide resolved
3u13r
3u13r approved these changes May 9, 2024
View reviewed changes
Copy link
Member

@3u13r 3u13r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@burgerdev burgerdev merged commit 174c3ab into main May 10, 2024
11 checks passed
@burgerdev burgerdev deleted the burgerdev/alb branch May 10, 2024 06:51
burgerdev added a commit that referenced this pull request May 13, 2024
@burgerdev
terraform: add missing policies for AWS ALB (#3063)
b5f9012 
* terraform: add missing policies for AWS ALB
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msanft msanft msanft left review comments

@3u13r 3u13r 3u13r approved these changes

@thomasten thomasten Awaiting requested review from thomasten thomasten is a code owner

Assignees
No one assigned
Labels
bug fix Fixing a bug needs backport This PR needs to be backported to a previous release
Projects
None yet
Milestone
v2.17.0
Development

Successfully merging this pull request may close these issues.

Missing permission for AWS Application Load Balancer
3 participants
@burgerdev @3u13r @msanft