kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't skip roles that don't have cluster name prefix 

This should plug the IAM roles leak. It probably a leftover from when roles did not have tags and we relied on the name of the role instead.
This commit is contained in:
Ole Markus With 2022-08-20 08:55:40 +02:00
parent 8e7a50346b
commit 09b604867d
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/resources/aws/aws.go
View File

@ -1998,9 +1998,6 @@ func ListIAMRoles(cloud fi.Cloud, clusterName string) ([]*resources.Resource, er
err := c.IAM().ListRolesPages(request, func(p *iam.ListRolesOutput, lastPage bool) bool {
for _, r := range p.Roles {
name := aws.StringValue(r.RoleName)
if !strings.HasSuffix(name, "."+clusterName) {
continue
}
getRequest := &iam.GetRoleInput{RoleName: r.RoleName}
roleOutput, err := c.IAM().GetRole(getRequest)