Ignore InvalidAction errors when tagging IAM Instance Profiles

This commit is contained in:
Peter Rifel 2021-10-28 17:08:04 -05:00
parent 7f59cd8086
commit fd2370c8e8
No known key found for this signature in database
GPG Key ID: BC6469E5B16DB2B6
3 changed files with 50 additions and 4 deletions

View File

@ -92,6 +92,34 @@ func (m *MockIAM) CreateInstanceProfileRequest(*iam.CreateInstanceProfileInput)
panic("Not implemented")
}
func (m *MockIAM) TagInstanceProfile(request *iam.TagInstanceProfileInput) (*iam.TagInstanceProfileOutput, error) {
m.mutex.Lock()
defer m.mutex.Unlock()
klog.Infof("CreateInstanceProfile: %v", request)
ip := m.InstanceProfiles[aws.StringValue(request.InstanceProfileName)]
if ip == nil {
return nil, fmt.Errorf("InstanceProfile not found")
}
for _, tag := range request.Tags {
key := *tag.Key
overwritten := false
for _, existingTag := range ip.Tags {
if *existingTag.Key == key {
existingTag.Value = tag.Value
overwritten = true
break
}
}
if !overwritten {
ip.Tags = append(ip.Tags, tag)
}
}
return &iam.TagInstanceProfileOutput{}, nil
}
func (m *MockIAM) AddRoleToInstanceProfile(request *iam.AddRoleToInstanceProfileInput) (*iam.AddRoleToInstanceProfileOutput, error) {
m.mutex.Lock()
defer m.mutex.Unlock()

View File

@ -118,7 +118,6 @@ func (_ *IAMInstanceProfile) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *IAM
request := &iam.CreateInstanceProfileInput{
InstanceProfileName: e.Name,
Tags: mapToIAMTags(e.Tags),
}
response, err := t.Cloud.IAM().CreateInstanceProfile(request)
@ -126,6 +125,19 @@ func (_ *IAMInstanceProfile) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *IAM
return fmt.Errorf("error creating IAMInstanceProfile: %v", err)
}
tagRequest := &iam.TagInstanceProfileInput{
InstanceProfileName: e.Name,
Tags: mapToIAMTags(e.Tags),
}
_, err = t.Cloud.IAM().TagInstanceProfile(tagRequest)
if err != nil {
if awsup.AWSErrorCode(err) == awsup.AWSErrCodeInvalidAction {
klog.Warningf("Ignoring unsupported IAMInstanceProfile tagging %v", *a.Name)
} else {
return fmt.Errorf("error tagging IAMInstanceProfile: %v", err)
}
}
e.ID = response.InstanceProfile.InstanceProfileId
e.Name = response.InstanceProfile.InstanceProfileName
} else {
@ -151,14 +163,17 @@ func (_ *IAMInstanceProfile) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *IAM
}
_, err := t.Cloud.IAM().TagInstanceProfile(tagRequest)
if err != nil {
return fmt.Errorf("error tagging IAMInstanceProfile: %v", err)
if awsup.AWSErrorCode(err) == awsup.AWSErrCodeInvalidAction {
klog.Warningf("Ignoring unsupported IAMInstanceProfile tagging %v", *a.Name)
} else {
return fmt.Errorf("error tagging IAMInstanceProfile: %v", err)
}
}
}
}
}
// TODO: Should we use path as our tag?
return nil // No tags in IAM
return nil
}
func (_ *IAMInstanceProfile) RenderTerraform(t *terraform.TerraformTarget, a, e, changes *IAMInstanceProfile) error {

View File

@ -115,6 +115,9 @@ const (
WellKnownAccountUbuntu = "099720109477"
)
// AWSErrCodeInvalidAction is returned in AWS partitions that don't support certain actions
const AWSErrCodeInvalidAction = "InvalidAction"
type AWSCloud interface {
fi.Cloud
CloudFormation() *cloudformation.CloudFormation