feat: aws package, so builder and signet_node are isolated to k8s resources #4
Conversation
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
There was a problem hiding this comment.
Pull Request Overview
This PR extracts AWS IAM/KMS resource management out of the builder package into a dedicated pkg/aws module, removing inline IAM/KMS types and creation logic from pkg/builder and adding shared types, factory functions, and tests under pkg/aws.
- Removed inline IAM/KMS types, helpers, and tests from
pkg/builder - Added
pkg/aws/types.gowith policy document definitions - Introduced
pkg/aws/iam.gowithCreateIAMResourcesandCreateKMSPolicy, plus one unit test
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/builder/types.go | Removed AWS IAM imports and type definitions |
| pkg/builder/helpers.go | Deleted CreateKMSPolicy helper |
| pkg/builder/helpers_test.go | Removed now-obsolete KMS policy unit tests |
| pkg/builder/builder.go | Stripped out IAM role/policy creation code |
| pkg/aws/types.go | Added shared IAM/KMS policy type definitions |
| pkg/aws/iam.go | New AWS IAM/KMS resource factory functions |
| pkg/aws/iam_test.go | Added test for KMS policy creation |
Comments suppressed due to low confidence (2)
pkg/builder/builder.go:38
- IAM resource creation was removed from NewBuilder but no new call to aws.CreateIAMResources was added, so the component no longer provisions required IAM roles and policies. Consider invoking CreateIAMResources and integrating its outputs into the builder component.
// Create ConfigMap for environment variables
pkg/aws/iam.go:19
- CreateIAMResources is not covered by any unit tests. Consider adding tests to validate IAM role creation, policy generation, and attachment logic.
func CreateIAMResources(
| PolicyAttachment *iam.RolePolicyAttachment | ||
| } | ||
|
|
||
| // CreateIAMResources creates IAM resources (role, policy, and policy attachment) for a component |
There was a problem hiding this comment.
Exported function CreateIAMResources lacks a top-level doc comment. Please add a comment describing its purpose, parameters, and return values to improve API discoverability.
| // CreateIAMResources creates IAM resources (role, policy, and policy attachment) for a component | |
| // CreateIAMResources creates AWS IAM resources (role, policy, and policy attachment) for a component. | |
| // | |
| // Parameters: | |
| // - ctx: The Pulumi context used for resource creation. | |
| // - name: A unique name for the IAM resources. | |
| // - serviceName: The name of the service that will use the IAM role. | |
| // - keyArn: The ARN of the KMS key to include in the policy. | |
| // - parent: The parent Pulumi resource for organizational purposes. | |
| // | |
| // Returns: | |
| // - *IAMResources: A struct containing the created IAM role, policy, and policy attachment. | |
| // - error: An error if any of the resource creation steps fail. |
Copilot uses AI. Check for mistakes.
| @@ -0,0 +1,34 @@ | |||
| package aws | |||
There was a problem hiding this comment.
[nitpick] Exported types IAMStatement, IAMPolicy, KMSStatement, and KMSPolicy lack documentation. Consider adding type-level comments to clarify their structure and intended usage.
Copilot uses AI. Check for mistakes.
No description provided.