-
Task
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
3
-
False
-
None
-
False
-
Yes
-
Sprint 23
WHAT
CRO is expected to tag all resources that it creates with the tag `redhat-managed` that has value of `true`. Redis and RDS snapshots haven't been setup to be tagged on creation which lead to the following errors, due to minimal IAM policy restrictions https://issues.redhat.com/browse/MGDAPI-1719:
2022-04-12T15:00:03.368Z ERROR controller.postgressnapshot Reconciler error {"reconciler group": "integreatly.org", "reconciler kind": "PostgresSnapshot", "name": "threescale-postgres-rhoam-snapshot-test-2022-04-12-152422", "namespace": "redhat-rhoam-operator", "error": "error creating rds snapshot: AccessDenied: User: arn:aws:sts::408612754352:assumed-role/rhoam_role/Red-Hat-cloud-resources-operator is not authorized to perform: rds:CreateDBSnapshot on resource: arn:aws:rds:eu-west-1:408612754352:db:kfccsstswcw8gredhatrhoamoperatorthr-x6f2 because no identity-based policy allows the rds:CreateDBSnapshot action\n\tstatus code: 403, request id: 4a9931ca-a704-44e5-93a8-927cfec44685", "errorVerbose": "AccessDenied: User: arn:aws:sts::408612754352:assumed-role/rhoam_role/Red-Hat-cloud-resources-operator is not authorized to perform: rds:CreateDBSnapshot on resource: arn:aws:rds:eu-west-1:408612754352:db:kfccsstswcw8gredhatrhoamoperatorthr-x6f2 because no identity-based policy allows the rds:CreateDBSnapshot ac...
HOW
To prevent the unauthorized error CRO has to tag Redis and RDS snapshots with `red-hat-managed` on creation.
TESTS
<List of related tests>
DONE
CRO can create Redis and RDS snapshots with no errors