check for invalid object ID before RBAC template creation
gniranjan committed Sep 30, 2024
1 parent fcfd3b2 commit ea8ef31
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions pkg/cluster/deploybaseresources_additional.go
@@ -102,6 +102,9 @@ func (m *manager) ensureWorkloadIdentityRBAC() ([]*arm.Resource, error) {
return nil, err
}
clusterMSI := m.doc.OpenShiftCluster.Identity.UserAssignedIdentities[clusterMSIResourceId.String()]
if strings.TrimSpace(clusterMSI.PrincipalID) == "" {
return nil, fmt.Errorf("cluster MSI principal ID '%s' is invalid for clusterMSIResourceId %s", clusterMSI.PrincipalID, clusterMSIResourceId.String())
}

resources := []*arm.Resource{}
managedRG := stringutils.LastTokenByte(m.doc.OpenShiftCluster.Properties.ClusterProfile.ResourceGroupID, '/')
@@ -132,6 +135,10 @@ func (m *manager) platformWorkloadIdentityRBAC(managedRG string) ([]*arm.Resourc
continue
}

if strings.TrimSpace(identity.ObjectID) == "" {
return nil, fmt.Errorf("WI object ID '%s' is invalid for WI with resource ID %s", identity.ObjectID, identity.ResourceID)
}

roleID := stringutils.LastTokenByte(role.RoleDefinitionID, '/')
resources = append(resources, m.workloadIdentityResourceGroupRBAC(roleID, identity.ObjectID, managedRG))
}
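Review bot: The new guard on `clusterMSI.PrincipalID` cannot tell an identity that is missing from `UserAssignedIdentities` from one whose principal ID is blank, because the lookup on the line above it discards the presence flag and a missing key yields a zero value (if the map holds pointers, which is not visible here, the field access would panic instead). Taking the flag, `clusterMSI, ok := m.doc.OpenShiftCluster.Identity.UserAssignedIdentities[clusterMSIResourceId.String()]`, and testing `if !ok || strings.TrimSpace(clusterMSI.PrincipalID) == ""` keeps that failure explicit before any role assignment is templated. Both new guards accept any non-blank string, and `identity.ObjectID` is then passed untrimmed to `workloadIdentityResourceGroupRBAC`, so a format check on the ID would catch malformed values here rather than at deployment. In both messages `%q` would show a whitespace-only value more clearly than `'%s'`. Both function bodies start and end outside the hunks shown.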