profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/shrinandj/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

keikoproj/minion-manager 120

Intelligent use of Spot Instances in Kubernetes

keikoproj/upgrade-manager 89

Reliable, extensible rolling-upgrades of Autoscaling groups in Kubernetes

shrinandj/smoke-test-operator 4

Kubernetes operator for running basic K8s smoke tests

shrinandj/active-monitor 0

Provides deep monitoring of Kubernetes clusters

shrinandj/argo-cd 0

GitOps Continuous Delivery for Kubernetes

shrinandj/argo-events 0

event-based dependency manager for Kubernetes

shrinandj/awesome-kubernetes 0

A curated list for awesome kubernetes sources :ship::tada:

shrinandj/awesome-kubernetes-extensions 0

A resource tracking a number of Kubernetes extensions built on TPRs, CRDs, and API Aggregation

shrinandj/aws-alb-ingress-controller 0

AWS ALB Ingress Controller for Kubernetes

Pull request review commentkeikoproj/upgrade-manager

V2 controller metrics concurrency fix

 func (r *RollingUpgradeContext) RotateNodes() error { 	return nil } +// Update last batch nodes+func (s *RollingUpgradeContext) UpdateLastBatchNodes(batchNodes map[string]*v1alpha1.NodeInProcessing) {

This can stay same package @shaoxt just different file

shaoxt

comment created time in 5 hours

Pull request review commentkeikoproj/upgrade-manager

V2 controller metrics concurrency fix

 func (r *RollingUpgradeContext) RotateNodes() error { 	return nil } +// Update last batch nodes+func (s *RollingUpgradeContext) UpdateLastBatchNodes(batchNodes map[string]*v1alpha1.NodeInProcessing) {

package "api" depends on package "common". We can not let package "common" refer to the structures in "api.*". Also common is used in "controllers", those methods need to access RollingUpgradeContext.

shaoxt

comment created time in 5 hours

Pull request review commentkeikoproj/upgrade-manager

V2 controller metrics concurrency fix

 func TestDesiredNodesReady(t *testing.T) { 		} 	} }++// Test+func TestNodeTurnsOntoStep(t *testing.T) {

Also this to controllers/metrics_test.go

shaoxt

comment created time in 5 hours

Pull request review commentkeikoproj/upgrade-manager

V2 controller metrics concurrency fix

 func (r *RollingUpgradeContext) RotateNodes() error { 	return nil } +// Update last batch nodes+func (s *RollingUpgradeContext) UpdateLastBatchNodes(batchNodes map[string]*v1alpha1.NodeInProcessing) {

Can we move all these methods to controllers/metrics.go?

shaoxt

comment created time in 5 hours

pull request commentkeikoproj/upgrade-manager

Fix metrics concurrency issue

Codecov Report

Merging #232 (e8da63f) into master (d6c90bb) will increase coverage by 0.19%. The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #232      +/-   ##
==========================================
+ Coverage   69.48%   69.68%   +0.19%     
==========================================
  Files          12       12              
  Lines        1088     1095       +7     
==========================================
+ Hits          756      763       +7     
  Misses        294      294              
  Partials       38       38              
Flag Coverage Δ
unittests 69.68% <100.00%> (+0.19%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
api/v1alpha1/rollingupgrade_types.go 98.36% <100.00%> (+0.05%) :arrow_up:
controllers/common/metrics.go 89.18% <100.00%> (+1.31%) :arrow_up:
controllers/rollingupgrade_controller.go 69.83% <100.00%> (+0.04%) :arrow_up:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update d6c90bb...e8da63f. Read the comment docs.

shaoxt

comment created time in 7 hours

created tagkeikoproj/kubedog

tagv0.0.3

Kubedog is a Godog (cucumber) wrapper with pre-defined step implementations for Kubernetes/AWS

created time in 9 hours

pull request commentkeikoproj/iam-manager

Add validation tests.

@sabw8217 Absolutely!! please go ahead. its long time we touched web hook implementation and ended up having some tech debt there. Thank you for the change. Appreciate it!!

sabw8217

comment created time in 10 hours

pull request commentkeikoproj/iam-manager

Add validation tests.

if this approach looks OK I can add some more tests to increase code coverage

sabw8217

comment created time in 10 hours

push eventkeikoproj/kubedog

Alfredo Garo

commit sha e33358d855e544176c581e8743837dcf0d868737

AnASGNamed panics with: index out of range (#29) * fix and unit test Signed-off-by: Alfredo Garo <44888596+garomonegro@users.noreply.github.com> * better log Signed-off-by: Alfredo Garo <44888596+garomonegro@users.noreply.github.com> * PR feedback Signed-off-by: Alfredo Garo <44888596+garomonegro@users.noreply.github.com>

view details

push time in 11 hours

PR merged keikoproj/kubedog

AnASGNamed panics with: index out of range

Fixes #27

+106 -7

1 comment

2 changed files

garomonegro

pr closed time in 11 hours

issue closedkeikoproj/kubedog

AnASGNamed panics with: index out of range

AnASGNamed panics with index out of range [0] with length 0 if the ASG doesn't exist. This case should be handled better.

      Error: runtime error: index out of range [0] with length 0
runtime.gopanic
	/usr/local/go/src/runtime/panic.go:965
runtime.goPanicIndex
	/usr/local/go/src/runtime/panic.go:88
github.com/keikoproj/kubedog/pkg/aws.(*Client).AnASGNamed
	/Users/agaro/go/pkg/mod/github.com/keikoproj/kubedog@v0.0.2/pkg/aws/aws.go:53

closed time in 11 hours

garomonegro

pull request commentkeikoproj/upgrade-manager

Fix metrics concurrency issue

@shaoxt do you need to do the same refactoring here as you did in v2?

shaoxt

comment created time in 12 hours

pull request commentkeikoproj/iam-manager

Add validation tests.

Codecov Report

Merging #79 (13dd9bc) into master (6fd794b) will decrease coverage by 1.71%. The diff coverage is 42.85%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #79      +/-   ##
==========================================
- Coverage   66.40%   64.68%   -1.72%     
==========================================
  Files           8       11       +3     
  Lines        1003     1096      +93     
==========================================
+ Hits          666      709      +43     
- Misses        306      352      +46     
- Partials       31       35       +4     
Impacted Files Coverage Δ
api/v1alpha1/iamrole_webhook.go 52.00% <33.33%> (ø)
internal/config/properties.go 64.74% <60.00%> (-0.16%) :arrow_down:
api/v1alpha1/StringOrStrings.go 0.00% <0.00%> (ø)
api/v1alpha1/iamrole_types.go 100.00% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 6fd794b...13dd9bc. Read the comment docs.

sabw8217

comment created time in 13 hours

PR opened keikoproj/iam-manager

Add validation tests.

I haven't opened an issue for this, but I can if you'd like it to be tracked that way.

close #

Could you share the solution in high level?

Injects the k8s client in ValidateCreate and ValidateUpdate so we can test validateIamPolicy with a mock.

Could you share the test results?

go fmt ./...
/Users/aaronwebber/go/bin/controller-gen "crd:trivialVersions=true" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
/Users/aaronwebber/go/bin/controller-gen "crd:trivialVersions=true" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd_no_webhook/bases
KUBECONFIG=/Users/aaronwebber/.kube/config \
	LOCAL=true \
	ALLOWED_POLICY_ACTION=s3:,sts:,ec2:Describe,acm:Describe,acm:List,acm:Get,route53:Get,route53:List,route53:Create,route53:Delete,route53:Change,kms:Decrypt,kms:Encrypt,kms:ReEncrypt,kms:GenerateDataKey,kms:DescribeKey,dynamodb:,secretsmanager:GetSecretValue,es:,sqs:SendMessage,sqs:ReceiveMessage,sqs:DeleteMessage,SNS:Publish,sqs:GetQueueAttributes,sqs:GetQueueUrl \
	RESTRICTED_POLICY_RESOURCES=policy-resource \
	RESTRICTED_S3_RESOURCES=s3-resource \
	AWS_ACCOUNT_ID=123456789012 \
	AWS_REGION=us-west-2 \
	MANAGED_POLICIES=arn:aws:iam::123456789012:policy/SOMETHING \
	MANAGED_PERMISSION_BOUNDARY_POLICY=arn:aws:iam::1123456789012:role/iam-manager-permission-boundary \
	CLUSTER_NAME=k8s_test_keiko \
	CLUSTER_OIDC_ISSUER_URL="https://google.com/OIDC" \
	DEFAULT_TRUST_POLICY='{"Version": "2012-10-17", "Statement": [{"Effect": "Allow","Principal": {"Federated": "arn:aws:iam::AWS_ACCOUNT_ID:oidc-provider/OIDC_PROVIDER"},"Action": "sts:AssumeRoleWithWebIdentity","Condition": {"StringEquals": {"OIDC_PROVIDER:sub": "system:serviceaccount:{{.NamespaceName}}:SERVICE_ACCOUNT_NAME"}}}, {"Effect": "Allow","Principal": {"AWS": ["arn:aws:iam::{{.AccountID}}:role/trust_role"]},"Action": "sts:AssumeRole"}]}' \
	MAX_ROLES_ALLOWED=2 \
	go test ./... -coverprofile cover.out
?   	github.com/keikoproj/iam-manager	[no test files]
ok  	github.com/keikoproj/iam-manager/api/v1alpha1	1.602s	coverage: 21.7% of statements
ok  	github.com/keikoproj/iam-manager/controllers	10.782s	coverage: 9.9% of statements
ok  	github.com/keikoproj/iam-manager/internal/config	0.859s	coverage: 66.9% of statements
ok  	github.com/keikoproj/iam-manager/internal/utils	1.288s	coverage: 84.9% of statements
ok  	github.com/keikoproj/iam-manager/pkg/awsapi	2.474s	coverage: 86.1% of statements
?   	github.com/keikoproj/iam-manager/pkg/awsapi/mocks	[no test files]
?   	github.com/keikoproj/iam-manager/pkg/k8s	[no test files]
?   	github.com/keikoproj/iam-manager/pkg/k8s/mocks	[no test files]
?   	github.com/keikoproj/iam-manager/pkg/log	[no test files]
ok  	github.com/keikoproj/iam-manager/pkg/validation	1.988s	coverage: 87.4% of statements
+115 -11

0 comment

5 changed files

pr created time in 13 hours

pull request commentkeikoproj/upgrade-manager

V2 controller metrics concurrency fix

@eytan-avisror Refined the code based on RollingUpgradeContext

shaoxt

comment created time in a day

issue commentkeikoproj/iam-manager

Allow overwriting the role name construction in the CR itself

The one idea could be, Allow overwriting only for those namespaces which has special annotation. This way we can protect the feature for specific usecases as well as not get into multiple namespace roles trying to fight for the same role name. Remember AWS account is for all these namespaces and AWS can not have multiple IAM roles with same name.

mnkg561

comment created time in a day

issue closedkeikoproj/iam-manager

Monitor AWS iam-manager role

Is this a BUG REPORT or FEATURE REQUEST?: FEATURE REQUEST

What happened: As per the design, we allow access only to cluster administrator to iam-manager namespace but iam role attached to iam-manager namespace (in the kiam installation) will have a loop hole where "anything" deployed in iam-manager namespace will have access to the iam role attached to the namespace and a user with malicious intent can create a new pod and start creating iam roles bypassing webhook validation and controller.

What you expected to happen: We should monitor the activities by iam-manager role and detect if there is any anomaly and perform an action to stop damage further. Idea here is to "Attach a Deny all policies".

How to reproduce it (as minimally and precisely as possible): Create a pod inside iam-manager and create roles.

Anything else we need to know?:

Environment:

  • iam-manager version
  • Kubernetes version :
$ kubectl version -o yaml

Other debugging information (if applicable):

- controller logs:

$ kubectl logs <iam-manager>

closed time in a day

mnkg561

push eventkeikoproj/iam-manager

Aaron Webber

commit sha df3b3b3cc78ed15a0171f25fde109098f631a8c9

Check the number of roles against the configured max. Signed-off-by: Aaron Webber <aaron@nextdoor.com>

view details

Naveen M

commit sha 6fd794b1bc92d1982db2fdd58861eda19a063cc8

Merge pull request #78 from Nextdoor/77_fix_max_roles_check Check number of roles in namespace against configured max.

view details

push time in a day

issue closedkeikoproj/iam-manager

Max limit per namespace config not working

Is this a BUG REPORT or FEATURE REQUEST?: Bug Report

What happened: Set iam.role.max.limit.per.namespace to 5 and added a second IAM role to a namespace. When I attempted to create the role (via ArgoCD) the resource did not sync and I see this in the logs for the IAM Manager pod:

2021-05-04T23:22:55.964Z DEBUG controller-runtime.webhook.webhooks wrote response {"webhook": "/validate-iammanager-keikoproj-io-v1alpha1-iamrole", "UID": "8d8acd6f-5985-4c38-a709-0edc5c2db644", "allowed": false, "result": {}, "resultError": "got runtime.Object without object metadata: &Status{ListMeta:ListMeta{SelfLink:,ResourceVersion:,Continue:,RemainingItemCount:nil,},Status:,Message:,Reason:Iamrole.iammanager.keikoproj.io "kafka-connect-s3-sink-connector-role" is invalid: metadata.namespace: Invalid value: "lightstream": only 1 role is allowed per namespace,Details:nil,Code:403,}"}

What you expected to happen:

The second IAM role should have been created.

How to reproduce it (as minimally and precisely as possible):

Set iam.role.max.limit.per.namespace > 1 and attempt to create a second role in a namespace.

Anything else we need to know?:

I believe the issue is on this line https://github.com/keikoproj/iam-manager/blob/master/api/v1alpha1/iamrole_webhook.go#L229

which should be checking config.MaxRolesAllowed similar to this: https://github.com/keikoproj/iam-manager/blob/420573a19f43020018a939739ce8fa723ec828a0/controllers/iamrole_controller.go#L223

Environment:

  • iam-manager version 0.0.6
  • Kubernetes version :
clientVersion:
  buildDate: "2021-02-21T20:21:49Z"
  compiler: gc
  gitCommit: e87da0bd6e03ec3fea7933c4b5263d151aafd07c
  gitTreeState: clean
  gitVersion: v1.20.4
  goVersion: go1.15.8
  major: "1"
  minor: "20"
  platform: darwin/amd64
serverVersion:
  buildDate: "2020-12-23T22:10:21Z"
  compiler: gc
  gitCommit: 49a6c0bf091506e7bafcdb1b142351b69363355a
  gitTreeState: clean
  gitVersion: v1.19.6-eks-49a6c0
  goVersion: go1.15.5
  major: "1"
  minor: 19+
  platform: linux/amd64

Other debugging information (if applicable):

Relevant bit of controller logs:

2021-05-04T23:22:55.956Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/validate-iammanager-keikoproj-io-v1alpha1-iamrole", "UID": "8d8acd6f-5985-4c38-a709-0edc5c2db644", "kind": "iammanager.keikoproj.io/v1alpha1, Kind=Iamrole", "resource": {"group":"iammanager.keikoproj.io","version":"v1alpha1","resource":"iamroles"}}
2021-05-04T23:22:55.956Z	INFO	v1alpha1.ValidateCreate	validating create request	{"name": "kafka-connect-s3-sink-connector-role"}
2021-05-04T23:22:55.957Z	INFO	v1alpha1.validateIAMPolicy	validating IAM policy	{"name": "kafka-connect-s3-sink-connector-role"}
2021-05-04T23:22:55.957Z	DEBUG	k8s.client.IamrolesCount	list api call
2021-05-04T23:22:55.964Z	INFO	k8s.client.IamrolesCount	Total number of roles	{"count": 1}
2021-05-04T23:22:55.964Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/validate-iammanager-keikoproj-io-v1alpha1-iamrole", "UID": "8d8acd6f-5985-4c38-a709-0edc5c2db644", "allowed": false, "result": {}, "resultError": "got runtime.Object without object metadata: &Status{ListMeta:ListMeta{SelfLink:,ResourceVersion:,Continue:,RemainingItemCount:nil,},Status:,Message:,Reason:Iamrole.iammanager.keikoproj.io \"kafka-connect-s3-sink-connector-role\" is invalid: metadata.namespace: Invalid value: \"lightstream\": only 1 role is allowed per namespace,Details:nil,Code:403,}"}

closed time in a day

sabw8217

PR merged keikoproj/iam-manager

Check number of roles in namespace against configured max.

close #77

I was hoping to get a unit test in for this code, but it will require some refactoring, so I am upstreaming the fix for the bug, and I'll put up a separate PR with some refactoring to better allow testing this code.

Could you share the solution in high level?

Check the max roles in the namespace against the configured limit instead of hard coded 1.

Could you share the test results?

go get -u github.com/golang/mock/mockgen
go: finding golang.org/x/sys latest
go: finding golang.org/x/xerrors latest
mockgen is in progess
/Users/aaronwebber/go/bin/controller-gen object:headerFile=./hack/boilerplate.go.txt paths="./..."
go fmt ./...
/Users/aaronwebber/go/bin/controller-gen "crd:trivialVersions=true" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
/Users/aaronwebber/go/bin/controller-gen "crd:trivialVersions=true" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd_no_webhook/bases
KUBECONFIG=/Users/aaronwebber/.kube/config \
	LOCAL=true \
	ALLOWED_POLICY_ACTION=s3:,sts:,ec2:Describe,acm:Describe,acm:List,acm:Get,route53:Get,route53:List,route53:Create,route53:Delete,route53:Change,kms:Decrypt,kms:Encrypt,kms:ReEncrypt,kms:GenerateDataKey,kms:DescribeKey,dynamodb:,secretsmanager:GetSecretValue,es:,sqs:SendMessage,sqs:ReceiveMessage,sqs:DeleteMessage,SNS:Publish,sqs:GetQueueAttributes,sqs:GetQueueUrl \
	RESTRICTED_POLICY_RESOURCES=policy-resource \
	RESTRICTED_S3_RESOURCES=s3-resource \
	AWS_ACCOUNT_ID=123456789012 \
	AWS_REGION=us-west-2 \
	MANAGED_POLICIES=arn:aws:iam::123456789012:policy/SOMETHING \
	MANAGED_PERMISSION_BOUNDARY_POLICY=arn:aws:iam::1123456789012:role/iam-manager-permission-boundary \
	CLUSTER_NAME=k8s_test_keiko \
	CLUSTER_OIDC_ISSUER_URL="https://google.com/OIDC" \
	DEFAULT_TRUST_POLICY='{"Version": "2012-10-17", "Statement": [{"Effect": "Allow","Principal": {"Federated": "arn:aws:iam::AWS_ACCOUNT_ID:oidc-provider/OIDC_PROVIDER"},"Action": "sts:AssumeRoleWithWebIdentity","Condition": {"StringEquals": {"OIDC_PROVIDER:sub": "system:serviceaccount:{{.NamespaceName}}:SERVICE_ACCOUNT_NAME"}}}, {"Effect": "Allow","Principal": {"AWS": ["arn:aws:iam::{{.AccountID}}:role/trust_role"]},"Action": "sts:AssumeRole"}]}' \
	go test ./... -coverprofile cover.out
?   	github.com/keikoproj/iam-manager	[no test files]
?   	github.com/keikoproj/iam-manager/api/v1alpha1	[no test files]
ok  	github.com/keikoproj/iam-manager/controllers	9.952s	coverage: 9.9% of statements
ok  	github.com/keikoproj/iam-manager/internal/config	1.175s	coverage: 66.7% of statements
ok  	github.com/keikoproj/iam-manager/internal/utils	1.625s	coverage: 84.9% of statements
ok  	github.com/keikoproj/iam-manager/pkg/awsapi	1.978s	coverage: 86.1% of statements
?   	github.com/keikoproj/iam-manager/pkg/awsapi/mocks	[no test files]
?   	github.com/keikoproj/iam-manager/pkg/k8s	[no test files]
?   	github.com/keikoproj/iam-manager/pkg/log	[no test files]
ok  	github.com/keikoproj/iam-manager/pkg/validation	0.799s	coverage: 87.4% of statements
+2 -2

5 comments

1 changed file

sabw8217

pr closed time in a day

push eventkeikoproj/upgrade-manager

Shreyas Badiger

commit sha b659e0f652ac532e9d322f0ea77d9e5c431c2d0c

Resolve compile errors caused by merge conflict. (#235) * #2285: rollup CR statistic metrics in v2 (#218) * #2285: rollup CR statistic metrics in v2 Signed-off-by: sbadla1 <sahil_badla@intuit.com> * #2285: updated metric flags Signed-off-by: sbadla1 <sahil_badla@intuit.com> * #2285: updated metric flags Signed-off-by: sbadla1 <sahil_badla@intuit.com> Signed-off-by: sbadiger <shreyas_badiger@intuit.com> * log cloud discovery failure Signed-off-by: sbadiger <shreyas_badiger@intuit.com> * Create RollingUpgrade Context Signed-off-by: sbadiger <shreyas_badiger@intuit.com> * rollingupgrade context Signed-off-by: sbadiger <shreyas_badiger@intuit.com> * resolve compile errors due to merge conflict Signed-off-by: sbadiger <shreyas_badiger@intuit.com> Co-authored-by: Sahil Badla <sahil_badla@intuit.com>

view details

push time in a day

pull request commentkeikoproj/iam-manager

Check number of roles in namespace against configured max.

probably clearer if I include the namespaces!

$ k get -A  iamroles
NAMESPACE       NAME                                   STATE   ROLENAME                                                           RETRYCOUNT   LASTUPDATEDTIMESTAMP   AGE
argocd          argocd-service-image-updater           Ready   k8s-staging-us1-argocd-argocd-service-image-updater                0            2021-02-10T23:52:19Z   91d
kubecost        kubecost                               Ready   k8s-staging-us1-kubecost-kubecost                                  0            2021-03-26T14:52:08Z   54d
lightstream     kafka-connect-s3-sink-connector-role   Ready   k8s-staging-us1-lightstream-kafka-connect-s3-sink-connector-role   0            2021-05-06T21:26:03Z   6d23h
lightstream     lightstream-connector-role             Ready   k8s-staging-us1-lightstream-lightstream-connector-role             0            2021-04-06T23:51:20Z   71d
observability   observability-grafana                  Ready   k8s-staging-us1-observability-observability-grafana                0            2021-02-04T06:54:25Z   98d
sabw8217

comment created time in a day

pull request commentkeikoproj/upgrade-manager

V2 controller metrics concurrency fix

It's merged now @shaoxt if you want to move the implementation

shaoxt

comment created time in a day

pull request commentkeikoproj/iam-manager

Check number of roles in namespace against configured max.

@mnkg561 yes, we've got this deployed in our environment and we have 2 roles deployed right now:

$ k get iamroles
NAME                                   STATE   ROLENAME                                                           RETRYCOUNT   LASTUPDATEDTIMESTAMP   AGE
kafka-connect-s3-sink-connector-role   Ready   k8s-staging-us1-lightstream-kafka-connect-s3-sink-connector-role   0            2021-05-06T21:26:03Z   6d23h
lightstream-connector-role             Ready   k8s-staging-us1-lightstream-lightstream-connector-role             0            2021-04-06T23:51:20Z   71d
sabw8217

comment created time in a day

push eventkeikoproj/upgrade-manager

Shreyas Badiger

commit sha b664fdd65177824003e528bd388c46f6398a3fc6

Create RollingUpgradeContext (#234) * #2285: rollup CR statistic metrics in v2 (#218) * #2285: rollup CR statistic metrics in v2 Signed-off-by: sbadla1 <sahil_badla@intuit.com> * #2285: updated metric flags Signed-off-by: sbadla1 <sahil_badla@intuit.com> * #2285: updated metric flags Signed-off-by: sbadla1 <sahil_badla@intuit.com> Signed-off-by: sbadiger <shreyas_badiger@intuit.com> * log cloud discovery failure Signed-off-by: sbadiger <shreyas_badiger@intuit.com> * Create RollingUpgrade Context Signed-off-by: sbadiger <shreyas_badiger@intuit.com> * rollingupgrade context Signed-off-by: sbadiger <shreyas_badiger@intuit.com> Co-authored-by: Sahil Badla <sahil_badla@intuit.com>

view details

push time in a day

pull request commentkeikoproj/iam-manager

Check number of roles in namespace against configured max.

@sabw8217 Did you test it in your environment with the local built image and woking it as expected?

sabw8217

comment created time in a day

pull request commentkeikoproj/iam-manager

Check number of roles in namespace against configured max.

Codecov Report

Merging #78 (50646fe) into master (420573a) will not change coverage. The diff coverage is n/a.

:exclamation: Current head 50646fe differs from pull request most recent head df3b3b3. Consider uploading reports for the commit df3b3b3 to get more accurate results Impacted file tree graph

@@           Coverage Diff           @@
##           master      #78   +/-   ##
=======================================
  Coverage   66.40%   66.40%           
=======================================
  Files           8        8           
  Lines        1003     1003           
=======================================
  Hits          666      666           
  Misses        306      306           
  Partials       31       31           

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 420573a...df3b3b3. Read the comment docs.

sabw8217

comment created time in a day