Closed
aws-controllers-k8s/iam-controller#15
Labels
kind/enhancement: Categorizes issue or PR as related to existing feature enhancements.
lifecycle/frozen: Indicates that an issue or PR should not be auto-closed due to staleness.
priority/important-soon: Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Description
Describe the bug
Using apiVersion: iam.services.k8s.aws/v1alpha1 for Policy is failing, compared to Role, which works just perfectly.
First of all, the policy is not always created; once created, it doesn't discover differences in policyDocument.
Logs from the iam-controller pod do not show any changes; other times they throw an error similar to this:
2022-01-11T14:12:35.303Z INFO ackrt desired resource state has changed {"account": "027159582536", "role": "", "region": "eu-west-1", "kind": "Policy", "namespace": "dev", "name": "adapter-instafin-dev-policy", "is_adopted": false, "generation": 1, "diff": [{"Path":{"Parts":["Spec","Path"]},"A":null,"B":"/"}]}
2022-01-11T14:12:35.313Z ERROR controller-runtime.controller Reconciler error {"controller": "policy", "request": "dev/adapter-instafin-dev-policy", "error": "not implemented"}
Steps to reproduce
Manifest:
apiVersion: iam.services.k8s.aws/v1alpha1
kind: Policy
metadata:
  name: {{ include "app.fullname" . }}-policy
spec:
  description: "Policy for adapter-instafin"
  name: {{ .Values.iamRoleNamePrefix }}-{{ include "app.fullname" . }}-policy
  policyDocument: >
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowSQS",
          "Effect": "Allow",
          "Action": "sqs:*",
          "Resource": ["*"],
        }
      ]
    }
  tags:
    - key: managed_by
      value: eks
Apply it, try to change policyDocument.
Expected outcome
Discover the changes and reflect them at AWS IAM
Environment
Dev/Stage/Prod
- Kubernetes version v1.21.5-eks-bc4871b
- Using EKS (yes/no), if so version? Yes, v1.21.5-eks-bc4871b
- AWS service targeted (S3, RDS, etc.) IAM
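
A pre-apply and drift check for the policyDocument in the manifest above, as an added example that is not part of the original issue or the ACK project's code: it parses the document as strict JSON (the posted document has a trailing comma after "Resource": ["*"], which strict JSON does not permit) and then compares its canonical form with a live policy version. The function names and the sample live document are constructed for illustration.

```python
import json
from urllib.parse import quote, unquote

# Constructed sample: the policyDocument as posted in the manifest above,
# including the trailing comma after "Resource": ["*"].
POSTED_DOC = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSQS",
      "Effect": "Allow",
      "Action": "sqs:*",
      "Resource": ["*"],
    }
  ]
}"""

# Constructed sample: the same document with the trailing comma removed.
VALID_DOC = POSTED_DOC.replace('["*"],', '["*"]')

# Constructed sample of the live policy version. IAM's GetPolicyVersion API
# returns the document URL-encoded (RFC 3986), so it is encoded here too.
LIVE_DOC_ENCODED = quote(json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowSQS", "Effect": "Allow",
                   "Action": "sqs:ReceiveMessage", "Resource": ["*"]}],
}))

def canonical(doc_text):
    """Parse strict JSON; return a key-sorted, whitespace-free rendering."""
    return json.dumps(json.loads(doc_text), sort_keys=True, separators=(",", ":"))

def check_policy(desired_text, live_encoded):
    """Return (status, detail); status is 'invalid', 'drift' or 'in-sync'."""
    try:
        desired = canonical(desired_text)
    except json.JSONDecodeError as exc:
        return "invalid", f"line {exc.lineno}, column {exc.colno}: {exc.msg}"
    # Textual comparison after canonicalization: key order and whitespace are
    # ignored, but list order and "x" vs ["x"] still count as differences.
    if desired != canonical(unquote(live_encoded)):
        return "drift", "desired policyDocument differs from the live version"
    return "in-sync", ""

if __name__ == "__main__":
    for label, doc in (("posted", POSTED_DOC), ("valid", VALID_DOC)):
        print(label, check_policy(doc, LIVE_DOC_ENCODED))
```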