Skip to content

Commit 6b7a84f

Browse files
committed
Enable partial reconcile of Rosa Operator Roles
1 parent 5d3d413 commit 6b7a84f

File tree

5 files changed

+75
-92
lines changed

5 files changed

+75
-92
lines changed

config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -759,15 +759,6 @@ spec:
759759
[\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:AttachVolume\",\n\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"ec2:CreateVolume\",\n\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\"ec2:DeleteTags\",\n\t\t\t\t\"ec2:DeleteVolume\",\n\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\"ec2:DescribeTags\",\n\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\"ec2:DescribeVolumesModifications\",\n\t\t\t\t\"ec2:DetachVolume\",\n\t\t\t\t\"ec2:ModifyVolume\"\n\t\t\t],\n\t\t\t\"Resource\":
760760
\"*\"\n\t\t}\n\t]\n}"
761761
type: string
762-
required:
763-
- controlPlaneOperatorARN
764-
- imageRegistryARN
765-
- ingressARN
766-
- kmsProviderARN
767-
- kubeCloudControllerARN
768-
- networkARN
769-
- nodePoolManagementARN
770-
- storageARN
771762
type: object
772763
rosaClusterName:
773764
description: |-

config/crd/bases/infrastructure.cluster.x-k8s.io_rosaroleconfigs.yaml

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -410,15 +410,6 @@ spec:
410410
[\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:AttachVolume\",\n\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"ec2:CreateVolume\",\n\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\"ec2:DeleteTags\",\n\t\t\t\t\"ec2:DeleteVolume\",\n\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\"ec2:DescribeTags\",\n\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\"ec2:DescribeVolumesModifications\",\n\t\t\t\t\"ec2:DetachVolume\",\n\t\t\t\t\"ec2:ModifyVolume\"\n\t\t\t],\n\t\t\t\"Resource\":
411411
\"*\"\n\t\t}\n\t]\n}"
412412
type: string
413-
required:
414-
- controlPlaneOperatorARN
415-
- imageRegistryARN
416-
- ingressARN
417-
- kmsProviderARN
418-
- kubeCloudControllerARN
419-
- networkARN
420-
- nodePoolManagementARN
421-
- storageARN
422413
type: object
423414
type: object
424415
type: object

controlplane/rosa/api/v1beta2/rosacontrolplane_types.go

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -414,7 +414,7 @@ type AWSRolesRef struct {
414414
// }
415415
// ]
416416
// }
417-
IngressARN string `json:"ingressARN"`
417+
IngressARN string `json:"ingressARN,omitempty"`
418418

419419
// ImageRegistryARN is an ARN value referencing a role appropriate for the Image Registry Operator.
420420
//
@@ -449,7 +449,7 @@ type AWSRolesRef struct {
449449
// }
450450
// ]
451451
// }
452-
ImageRegistryARN string `json:"imageRegistryARN"`
452+
ImageRegistryARN string `json:"imageRegistryARN,omitempty"`
453453

454454
// StorageARN is an ARN value referencing a role appropriate for the Storage Operator.
455455
//
@@ -480,7 +480,7 @@ type AWSRolesRef struct {
480480
// }
481481
// ]
482482
// }
483-
StorageARN string `json:"storageARN"`
483+
StorageARN string `json:"storageARN,omitempty"`
484484

485485
// NetworkARN is an ARN value referencing a role appropriate for the Network Operator.
486486
//
@@ -506,7 +506,7 @@ type AWSRolesRef struct {
506506
// }
507507
// ]
508508
// }
509-
NetworkARN string `json:"networkARN"`
509+
NetworkARN string `json:"networkARN,omitempty"`
510510

511511
// KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC.
512512
// Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies
@@ -584,7 +584,7 @@ type AWSRolesRef struct {
584584
// ]
585585
// }
586586
// +immutable
587-
KubeCloudControllerARN string `json:"kubeCloudControllerARN"`
587+
KubeCloudControllerARN string `json:"kubeCloudControllerARN,omitempty"`
588588

589589
// NodePoolManagementARN is an ARN value referencing a role appropriate for the CAPI Controller.
590590
//
@@ -697,7 +697,7 @@ type AWSRolesRef struct {
697697
// }
698698
//
699699
// +immutable
700-
NodePoolManagementARN string `json:"nodePoolManagementARN"`
700+
NodePoolManagementARN string `json:"nodePoolManagementARN,omitempty"`
701701

702702
// ControlPlaneOperatorARN is an ARN value referencing a role appropriate for the Control Plane Operator.
703703
//
@@ -737,8 +737,8 @@ type AWSRolesRef struct {
737737
// ]
738738
// }
739739
// +immutable
740-
ControlPlaneOperatorARN string `json:"controlPlaneOperatorARN"`
741-
KMSProviderARN string `json:"kmsProviderARN"`
740+
ControlPlaneOperatorARN string `json:"controlPlaneOperatorARN,omitempty"`
741+
KMSProviderARN string `json:"kmsProviderARN,omitempty"`
742742
}
743743

744744
// RosaControlPlaneStatus defines the observed state of ROSAControlPlane.

exp/controllers/rosaroleconfig_controller.go

Lines changed: 55 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ import (
2424
"net/url"
2525
"strings"
2626

27-
"github.com/aws/aws-sdk-go/service/iam"
27+
iamv2 "github.com/aws/aws-sdk-go-v2/service/iam"
2828
"github.com/go-logr/logr"
2929
cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
3030
accountroles "github.com/openshift/rosa/cmd/create/accountroles"
@@ -46,6 +46,7 @@ import (
4646
"sigs.k8s.io/controller-runtime/pkg/controller"
4747
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
4848

49+
"sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/rosa/api/v1beta2"
4950
expinfrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/exp/api/v1beta2"
5051
"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud"
5152
"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/scope"
@@ -150,18 +151,18 @@ func (r *ROSARoleConfigReconciler) Reconcile(ctx context.Context, req ctrl.Reque
150151
return ctrl.Result{}, fmt.Errorf("failed to OICD Config: %w", err)
151152
}
152153

153-
err = r.createOperatorRoles(ctx, roleConfig, scope, ocmClient)
154-
if err != nil {
155-
conditions.MarkFalse(scope.RosaRoleConfig, expinfrav1.RosaRoleConfigReadyCondition, expinfrav1.RosaRoleConfigReconciliationFailedReason, clusterv1.ConditionSeverityError, "Failed to create Operator Roles: %v", err)
156-
return ctrl.Result{}, fmt.Errorf("failed to Create OperatorRoles: %w", err)
157-
}
158-
159154
err = r.createOIDCProvider(scope, ocmClient)
160155
if err != nil {
161156
conditions.MarkFalse(scope.RosaRoleConfig, expinfrav1.RosaRoleConfigReadyCondition, expinfrav1.RosaRoleConfigReconciliationFailedReason, clusterv1.ConditionSeverityError, "Failed to create OIDC provider: %v", err)
162157
return ctrl.Result{}, fmt.Errorf("failed to Create OIDC provider: %w", err)
163158
}
164159

160+
err = r.createOperatorRoles(ctx, roleConfig, scope, ocmClient)
161+
if err != nil {
162+
conditions.MarkFalse(scope.RosaRoleConfig, expinfrav1.RosaRoleConfigReadyCondition, expinfrav1.RosaRoleConfigReconciliationFailedReason, clusterv1.ConditionSeverityError, "Failed to create Operator Roles: %v", err)
163+
return ctrl.Result{}, fmt.Errorf("failed to Create OperatorRoles: %w", err)
164+
}
165+
165166
if r.rosaRolesConfigReady(scope) {
166167
conditions.MarkTrue(scope.RosaRoleConfig, expinfrav1.RosaRoleConfigReadyCondition)
167168
conditions.Set(scope.RosaRoleConfig,
@@ -184,6 +185,12 @@ func (r *ROSARoleConfigReconciler) reconcileDelete(scope *scope.RosaRoleConfigSc
184185
return err
185186
}
186187

188+
err = r.deleteOperatorRoles(ocmClient, awsClient, scope.RosaRoleConfig.Spec.AccountRoleConfig.Prefix)
189+
if err != nil {
190+
conditions.MarkFalse(scope.RosaRoleConfig, expinfrav1.RosaRoleConfigReadyCondition, expinfrav1.RosaRoleConfigDeletionFailedReason, clusterv1.ConditionSeverityError, "Failed to delete operator roles: %v", err)
191+
return err
192+
}
193+
187194
oidcID := scope.RosaRoleConfig.Status.OIDCID
188195
if scope.RosaRoleConfig.Spec.OperatorRoleConfig.OIDCID == "" {
189196
err = r.deleteOIDCProvider(ocmClient, awsClient, oidcID)
@@ -193,12 +200,6 @@ func (r *ROSARoleConfigReconciler) reconcileDelete(scope *scope.RosaRoleConfigSc
193200
}
194201
}
195202

196-
err = r.deleteOperatorRoles(ocmClient, awsClient, scope.RosaRoleConfig.Spec.AccountRoleConfig.Prefix)
197-
if err != nil {
198-
conditions.MarkFalse(scope.RosaRoleConfig, expinfrav1.RosaRoleConfigReadyCondition, expinfrav1.RosaRoleConfigDeletionFailedReason, clusterv1.ConditionSeverityError, "Failed to delete operator roles: %v", err)
199-
return err
200-
}
201-
202203
err = r.deleteAccountRoles(ocmClient, awsClient, scope)
203204
if err != nil {
204205
conditions.MarkFalse(scope.RosaRoleConfig, expinfrav1.RosaRoleConfigReadyCondition, expinfrav1.RosaRoleConfigDeletionFailedReason, clusterv1.ConditionSeverityError, "Failed to delete account roles: %v", err)
@@ -267,36 +268,29 @@ func (r *ROSARoleConfigReconciler) createOperatorRoles(ctx context.Context, role
267268
return err
268269
}
269270

270-
if len(operatorRoles) > 0 {
271-
for _, roles := range operatorRoles {
272-
for _, role := range roles {
273-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-openshift-ingress-operator-cloud-credentials", config.Prefix)) {
274-
scope.RosaRoleConfig.Status.OperatorRolesRef.IngressARN = role.RoleARN
275-
}
276-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-openshift-image-registry-installer-cloud-credentials", config.Prefix)) {
277-
scope.RosaRoleConfig.Status.OperatorRolesRef.ImageRegistryARN = role.RoleARN
278-
}
279-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-openshift-cluster-csi-drivers-ebs-cloud-credentials", config.Prefix)) {
280-
scope.RosaRoleConfig.Status.OperatorRolesRef.StorageARN = role.RoleARN
281-
}
282-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-openshift-cloud-network-config-controller-cloud-credentials", config.Prefix)) {
283-
scope.RosaRoleConfig.Status.OperatorRolesRef.NetworkARN = role.RoleARN
284-
}
285-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-kube-system-kube-controller-manager", config.Prefix)) {
286-
scope.RosaRoleConfig.Status.OperatorRolesRef.KubeCloudControllerARN = role.RoleARN
287-
}
288-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-kube-system-capa-controller-manager", config.Prefix)) {
289-
scope.RosaRoleConfig.Status.OperatorRolesRef.NodePoolManagementARN = role.RoleARN
290-
}
291-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-kube-system-control-plane-operator", config.Prefix)) {
292-
scope.RosaRoleConfig.Status.OperatorRolesRef.ControlPlaneOperatorARN = role.RoleARN
293-
}
294-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-kube-system-kms-provider", config.Prefix)) {
295-
scope.RosaRoleConfig.Status.OperatorRolesRef.KMSProviderARN = role.RoleARN
296-
}
271+
for _, roles := range operatorRoles {
272+
for _, role := range roles {
273+
if role.RoleName == fmt.Sprintf("%s-openshift-ingress-operator-cloud-credentials", config.Prefix) {
274+
scope.RosaRoleConfig.Status.OperatorRolesRef.IngressARN = role.RoleARN
275+
} else if role.RoleName == fmt.Sprintf("%s-openshift-image-registry-installer-cloud-credentials", config.Prefix) {
276+
scope.RosaRoleConfig.Status.OperatorRolesRef.ImageRegistryARN = role.RoleARN
277+
} else if role.RoleName == fmt.Sprintf("%s-openshift-cluster-csi-drivers-ebs-cloud-credentials", config.Prefix) {
278+
scope.RosaRoleConfig.Status.OperatorRolesRef.StorageARN = role.RoleARN
279+
} else if role.RoleName == fmt.Sprintf("%s-openshift-cloud-network-config-controller-cloud-credentials", config.Prefix) {
280+
scope.RosaRoleConfig.Status.OperatorRolesRef.NetworkARN = role.RoleARN
281+
} else if role.RoleName == fmt.Sprintf("%s-kube-system-kube-controller-manager", config.Prefix) {
282+
scope.RosaRoleConfig.Status.OperatorRolesRef.KubeCloudControllerARN = role.RoleARN
283+
} else if role.RoleName == fmt.Sprintf("%s-kube-system-capa-controller-manager", config.Prefix) {
284+
scope.RosaRoleConfig.Status.OperatorRolesRef.NodePoolManagementARN = role.RoleARN
285+
} else if role.RoleName == fmt.Sprintf("%s-kube-system-control-plane-operator", config.Prefix) {
286+
scope.RosaRoleConfig.Status.OperatorRolesRef.ControlPlaneOperatorARN = role.RoleARN
287+
} else if role.RoleName == fmt.Sprintf("%s-kube-system-kms-provider", config.Prefix) {
288+
scope.RosaRoleConfig.Status.OperatorRolesRef.KMSProviderARN = role.RoleARN
297289
}
298290
}
299-
} else {
291+
}
292+
293+
if !r.operatorRolesReady(&scope.RosaRoleConfig.Status.OperatorRolesRef) {
300294
err = operatorroles.CreateOperatorRoles(runtime, ocm.Production, config.PermissionsBoundaryARN, interactive.ModeAuto, policies, version, isSharedVpc, config.Prefix, hostedCp, installerRoleArn, forcePolicyCreation,
301295
oidcConfigID, config.SharedVPCConfig.RouteRoleARN, ocm.DefaultChannelGroup, config.SharedVPCConfig.VPCEndpointRoleARN)
302296
return err
@@ -315,7 +309,7 @@ func (r *ROSARoleConfigReconciler) reconcileOIDCConfig(roleConfig *expinfrav1.RO
315309
}
316310
// Try to get OIDC UUID from some operator role policy document.
317311
roleName := fmt.Sprintf("%s-openshift-ingress-operator-cloud-credentials", roleConfig.Spec.OperatorRoleConfig.Prefix)
318-
roleDetails, err := scope.IAMClient().GetRole(&iam.GetRoleInput{
312+
roleDetails, err := scope.IAMClient().GetRole(context.TODO(), &iamv2.GetRoleInput{
319313
RoleName: &roleName,
320314
})
321315
if err != nil {
@@ -407,15 +401,15 @@ func (r *ROSARoleConfigReconciler) createAccountRoles(ctx context.Context, roleC
407401
}
408402

409403
for _, role := range accountRoles {
410-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-HCP-ROSA-Installer", config.Prefix)) {
404+
if role.RoleName == fmt.Sprintf("%s-HCP-ROSA-Installer-Role", config.Prefix) {
411405
createRoles = false
412406
scope.RosaRoleConfig.Status.AccountRolesRef.InstallerRoleARN = role.RoleARN
413407
}
414-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-HCP-ROSA-Support", config.Prefix)) {
408+
if role.RoleName == fmt.Sprintf("%s-HCP-ROSA-Support-Role", config.Prefix) {
415409
createRoles = false
416410
scope.RosaRoleConfig.Status.AccountRolesRef.SupportRoleARN = role.RoleARN
417411
}
418-
if strings.Contains(role.RoleName, fmt.Sprintf("%s-HCP-ROSA-Worker", config.Prefix)) {
412+
if role.RoleName == fmt.Sprintf("%s-HCP-ROSA-Worker-Role", config.Prefix) {
419413
createRoles = false
420414
scope.RosaRoleConfig.Status.AccountRolesRef.WorkerRoleARN = role.RoleARN
421415
}
@@ -612,21 +606,28 @@ func (r ROSARoleConfigReconciler) rosaRolesConfigReady(scope *scope.RosaRoleConf
612606
scope.RosaRoleConfig.Status.AccountRolesRef.InstallerRoleARN == "" ||
613607
scope.RosaRoleConfig.Status.AccountRolesRef.SupportRoleARN == "" ||
614608
scope.RosaRoleConfig.Status.AccountRolesRef.WorkerRoleARN == "" ||
615-
scope.RosaRoleConfig.Status.OperatorRolesRef.ControlPlaneOperatorARN == "" ||
616-
scope.RosaRoleConfig.Status.OperatorRolesRef.ImageRegistryARN == "" ||
617-
scope.RosaRoleConfig.Status.OperatorRolesRef.IngressARN == "" ||
618-
scope.RosaRoleConfig.Status.OperatorRolesRef.KMSProviderARN == "" ||
619-
scope.RosaRoleConfig.Status.OperatorRolesRef.KubeCloudControllerARN == "" ||
620-
scope.RosaRoleConfig.Status.OperatorRolesRef.NetworkARN == "" ||
621-
scope.RosaRoleConfig.Status.OperatorRolesRef.NodePoolManagementARN == "" ||
622-
scope.RosaRoleConfig.Status.OperatorRolesRef.StorageARN == "" {
609+
!r.operatorRolesReady(&scope.RosaRoleConfig.Status.OperatorRolesRef) {
610+
return false
611+
}
612+
return true
613+
}
614+
615+
func (r ROSARoleConfigReconciler) operatorRolesReady(operatorRolesRef *v1beta2.AWSRolesRef) bool {
616+
if operatorRolesRef.ControlPlaneOperatorARN == "" ||
617+
operatorRolesRef.ImageRegistryARN == "" ||
618+
operatorRolesRef.IngressARN == "" ||
619+
operatorRolesRef.KMSProviderARN == "" ||
620+
operatorRolesRef.KubeCloudControllerARN == "" ||
621+
operatorRolesRef.NetworkARN == "" ||
622+
operatorRolesRef.NodePoolManagementARN == "" ||
623+
operatorRolesRef.StorageARN == "" {
623624
return false
624625
}
625626
return true
626627
}
627628

628629
// GetOIDCIDFromOperatorRole extracts the OIDC UUID from the operator role policy document.
629-
func (r *ROSARoleConfigReconciler) GetOIDCIDFromOperatorRole(scope *scope.RosaRoleConfigScope, roleDetails *iam.GetRoleOutput) (string, error) {
630+
func (r *ROSARoleConfigReconciler) GetOIDCIDFromOperatorRole(scope *scope.RosaRoleConfigScope, roleDetails *iamv2.GetRoleOutput) (string, error) {
630631
decodedString, err := url.QueryUnescape(*roleDetails.Role.AssumeRolePolicyDocument)
631632
if err != nil {
632633
return "", err

pkg/cloud/scope/rosaroleconfig.go

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -19,8 +19,8 @@ package scope
1919
import (
2020
"context"
2121

22-
awsclient "github.com/aws/aws-sdk-go/aws/client"
23-
"github.com/aws/aws-sdk-go/service/iam"
22+
awsv2 "github.com/aws/aws-sdk-go-v2/aws"
23+
iamv2 "github.com/aws/aws-sdk-go-v2/service/iam"
2424
"github.com/pkg/errors"
2525
corev1 "k8s.io/api/core/v1"
2626
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -52,8 +52,8 @@ type RosaRoleConfigScope struct {
5252
patchHelper *patch.Helper
5353
RosaRoleConfig *expinfrav1.ROSARoleConfig
5454
serviceLimiters throttle.ServiceLimiters
55-
session awsclient.ConfigProvider
56-
iamClient *iam.IAM
55+
session awsv2.Config
56+
iamClient *iamv2.Client
5757
}
5858

5959
// NewRosaRoleConfigScope creates a new RosaRoleConfigScope from the supplied parameters.
@@ -71,21 +71,21 @@ func NewRosaRoleConfigScope(params RosaRoleConfigScopeParams) (*RosaRoleConfigSc
7171
RosaRoleConfig: params.RosaRoleConfig,
7272
}
7373

74-
session, serviceLimiters, err := sessionForClusterWithRegion(params.Client, RosaRoleConfigScope, "", params.Endpoints, params.Logger)
74+
sessionv2, serviceLimitersv2, err := sessionForClusterWithRegionV2(params.Client, RosaRoleConfigScope, "", params.Endpoints, params.Logger)
7575
if err != nil {
76-
return nil, errors.Errorf("failed to create aws session: %v", err)
76+
return nil, errors.Errorf("failed to create aws V2 session: %v", err)
7777
}
7878

79-
iamClient := iam.New(session)
79+
iamClient := iamv2.NewFromConfig(*sessionv2)
8080

8181
patchHelper, err := patch.NewHelper(params.RosaRoleConfig, params.Client)
8282
if err != nil {
8383
return nil, errors.Wrap(err, "failed to init patch helper")
8484
}
8585

8686
RosaRoleConfigScope.patchHelper = patchHelper
87-
RosaRoleConfigScope.session = session
88-
RosaRoleConfigScope.serviceLimiters = serviceLimiters
87+
RosaRoleConfigScope.session = *sessionv2
88+
RosaRoleConfigScope.serviceLimiters = serviceLimitersv2
8989
RosaRoleConfigScope.iamClient = iamClient
9090

9191
return RosaRoleConfigScope, nil
@@ -96,8 +96,8 @@ func (s *RosaRoleConfigScope) IdentityRef() *infrav1.AWSIdentityReference {
9696
return s.RosaRoleConfig.Spec.IdentityRef
9797
}
9898

99-
// Session returns the AWS SDK session (used for creating clients).
100-
func (s *RosaRoleConfigScope) Session() awsclient.ConfigProvider {
99+
// Session returns the AWS SDK V2 session. Used for creating clients.
100+
func (s *RosaRoleConfigScope) Session() awsv2.Config {
101101
return s.session
102102
}
103103

@@ -165,6 +165,6 @@ func (s *RosaRoleConfigScope) CredentialsSecret() *corev1.Secret {
165165
}
166166

167167
// IAMClient returns the IAM client.
168-
func (s *RosaRoleConfigScope) IAMClient() *iam.IAM {
168+
func (s *RosaRoleConfigScope) IAMClient() *iamv2.Client {
169169
return s.iamClient
170170
}

0 commit comments

Comments
 (0)