refactor(k8s): move IAM requirements to k8s/requirements/aws + rename role to convention#194
Open
agustincelentano wants to merge 1 commit into
Open
refactor(k8s): move IAM requirements to k8s/requirements/aws + rename role to convention#194agustincelentano wants to merge 1 commit into
agustincelentano wants to merge 1 commit into
Conversation
…e role Move the k8s permissions-role module from k8s/specs/tofu to k8s/requirements/aws, aligning with the lambda/static-files requirements layout. Rename the default permissions role to nullplatform_<cluster>_k8s_role (was nullplatform-<cluster>-agent-permissions-role) to follow the nullplatform_<cluster>_<scope>_role convention. BREAKING: consumers referencing //k8s/specs/tofu must update the source to //k8s/requirements/aws.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Qué
Alinea el scope k8s con el layout y naming de
lambdaystatic-files:k8s/specs/tofu→k8s/requirements/aws(git rename, preserva historial). Dejak8s/requirements/<cloud>para multi-cloud futuro, igual questatic-files/requirements/aws.nullplatform-<cluster>-agent-permissions-role→nullplatform_<cluster>_k8s_role, siguiendo la convenciónnullplatform_<cluster>_<scope>_role(lambda =_lambda_role, static =_static_files_role). Se puede overridear conpermissions_role_name.El runtime del scope resuelve el rol por selector, no por nombre, así que el rename no afecta la lógica de assume-role; solo recrea el recurso IAM.
//k8s/specs/tofu?ref=betadeben actualizar elsourcea//k8s/requirements/aws. La ruta vieja deja de existir.k8s).Validación
tofu validate+fmtOK sobrek8s/requirements/aws.implementation-awsapuntando a esta branch:plan=4 to add, 1 to change, 4 to destroy(recreate del rol + re-attach; policies intactas).Nota
PR abierto para revisión/coordinación antes de mergear: el cambio de path y el recreate del rol impactan a otras implementaciones que consuman
scopes//k8s @ beta.