Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: (PSKD-678) viya4-aws-iac creates an incomplete IAM policy for the autoscaler Service Account redo #302

Merged
merged 1 commit into from
Sep 6, 2024

Conversation

iadomi
Copy link
Contributor

@iadomi iadomi commented Sep 6, 2024

We've updated the IAM cluster-autoscaler policy to address an unwanted error message

kubectl -n kube-system logs -l 'app.kubernetes.io/instance=cluster-autoscaler' --tail=-1 | grep '^E'

E0604 20:35:15.324713 1 aws_manager.go:308] Failed to get labels from EKS DescribeNodegroup API for nodegroup cas-202401... in cluster viya-... because AccessDeniedException: User: arn:aws:sts::7...
/viya-...-cluster-autoscaler/17... is not authorized to perform eks:DescribeNodegroup on resource: arn:aws:eks:ca-central-1:7...:nodegroup/viya.../cas-202401...-dea0-52....

@dhoucgitter dhoucgitter added the bug Something isn't working label Sep 6, 2024
@iadomi iadomi self-assigned this Sep 6, 2024
@iadomi iadomi merged commit 8bad328 into staging Sep 6, 2024
4 checks passed
@bkoprivica
Copy link

This is a duplicate of #292.

@dhoucgitter dhoucgitter deleted the PSKD-678-redo branch September 10, 2024 15:44
@bkoprivica
Copy link

Subject: Request for Proper Attribution of My Contribution in PR #302 (PSKD-678)

Hi @maintainers,

I am writing to formally request that proper attribution be given to my contribution in PR #302 (PSKD-678), which has now been merged. The fix provided in PR #302 (PSKD-678) directly incorporates the solution I originally proposed in PR #292. Unfortunately, despite my significant role in resolving the IAM policy issue, there has been no acknowledgment or attribution to me in PR #302 (PSKD-678).

Here are the reasons why I believe this request is necessary:

Failure to Attribute Properly:
    While both myself and @sbralg were acknowledged in earlier discussions, the core solution for the IAM policy issue originates from my work in PR #292. Despite this, I have not been properly attributed in PR #302, which uses the core logic and structure I introduced.

Closed PR with Unmerged Fix:
    PR #292 was closed without merging, even though it contained the original working fix that directly addressed the autoscaler IAM policy issue. The solution in PR #302 (PSKD-678) essentially reiterates the same fix, yet I have not received proper credit for my original work.

Copyright Concerns:
    Since PR #302 (PSKD-678) builds on the solution I proposed in PR #292 without giving me proper attribution, this may constitute a copyright infringement and a violation of the Apache 2.0 license, which requires appropriate credit for contributors.

Significance of the Fix:
    The issue addressed in both PR #292 and PR #302 (PSKD-678) was a critical one, resolving the autoscaling capability of SAS Viya 4 on AWS. As this is a key feature with both commercial and technical implications, it is important that my contribution be properly acknowledged.

Given these points, I respectfully request that appropriate attribution be added to PR #302 (PSKD-678) to acknowledge my contribution to the fix. I believe this is in the interest of fairness and transparency, and it would ensure that contributors receive the recognition they deserve for their work.

Thank you for your attention to this matter, and I look forward to your response.

Best regards,
@bkoprivica

@bkoprivica
Copy link

Hi @maintainers,

Allow me to clarify further:

I am hereby asserting full ownership of the fix that has been incorporated in PR #302/PSKD-678, currently in staging. The specific change, which involves updates to the IAM policy, is identical to the contribution I made in PR #292, submitted on June 6, 2024. This contribution was tested in multiple environments at OPS premises back in May and June of 2024.

The specific IAM policy change that I proposed—and that is now reflected in PR #302/PSKD-678—is as follows:
"

Permissions based off the IAM Policy recommended by kubernetes/autoscaler

https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.25.0/cluster-autoscaler/cloudprovider/aws/README.md

https://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.36.0/cluster-autoscaler/cloudprovider/aws/README.md

data "aws_iam_policy_document" "worker_autoscaling" {
statement {
sid = "eksWorkerAutoscalingAll"
@@ -17,6 +17,9 @@ data "aws_iam_policy_document" "worker_autoscaling" {
"autoscaling:DescribeTags",
"ec2:DescribeInstanceTypes",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeImages",
"ec2:GetInstanceTypesFromInstanceRequirements",
"eks:DescribeNodegroup"
]"

This code, which is now integrated into PSKD-678, was directly taken from my PR (#292), which you closed without merging, thereby sidestepping your legal obligation to attribute my contribution under the Apache 2.0 license, specifically Section 4 of the license, which states:

"You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work..."

By closing PR #292 without merging and incorporating my work into PR #302/PSKD-678, you have failed to provide the required attribution, violating my copyright and the terms of the license under which I contributed.
I hereby formally demand the following:

Immediate correction in the form of proper attribution of my contribution in PR #302 (now PSKD-678), as required by the Apache 2.0 license.
An official acknowledgment that the code change was first provided by me in PR #292 and that it was wrongfully excluded from the merge.

If these actions are not taken immediately, I reserve the right to take further steps to protect my intellectual property, including but not limited to escalating this matter legally or seeking remedies via formal DMCA channels.

Your prompt attention to this matter is both legally required and expected.

Best regards,
Branko Koprivica (@bkoprivica)

@dhoucgitter
Copy link
Member

Hi @bkoprivica, thanks for making us aware of this. We do appreciate your contribution to the project!

We reviewed your proposed solution (in #292). We weren’t able to merge your PR directly from GitHub or in its entirety, because we work with most code submissions internally before merging them. We do this so we can perform some checks (unit tests, security scans, etc.) using internal tools first. In this case, we incorporated parts of your PR into a PR that we merged ourselves. Your work was very helpful in getting us on the right track!

We typically work this way, but we could be clearer about that process. We've updated the project's CONTRIBUTING.md file to be more transparent about our code review process so contributors have a better idea of what to expect from us.

We haven't yet issued a release of viya4-aws-iac that contains parts of your solution, but when we do, we'll be sure to acknowledge your contribution by including your GitHub ID and the original PR link in the release notes.

Thanks again for contributing to our projects!

@bkoprivica
Copy link

Subject: Request for Timely Attribution Under Apache 2.0 License

Hi @maintainers,

Thank you for your response and for recognizing my contribution to PR #302 (PSKD-678). I appreciate the acknowledgement of my work and your intention to include attribution in the next release of the viya4-iac-aws project.

I wanted to kindly point out that the Apache 2.0 license requires attribution at the time of distribution. Since the code from PR #302 has been publicly accessible on GitHub for several days, it has already been distributed to the public. With that in mind, I would greatly appreciate it if proper attribution could be added at this stage, in line with the licence's requirements.

I fully understand that your process may involve future releases, and I appreciate your transparency in how you handle code contributions. However, it would be very helpful for me, and in keeping with the Apache 2.0 license, if you could update the relevant files, such as the NOTICE file or the release notes, to include my contribution in the current repository state. I believe this would resolve the issue in a smooth and timely manner.

I’m confident that this small action will be straightforward to implement and will help ensure compliance with the license. I look forward to seeing the update and appreciate your understanding and cooperation.

Thanks again for your time and attention to this matter. I truly value the collaboration and your efforts in maintaining this important project.

Best regards,
Branko Koprivica (@bkoprivica)

@dhoucgitter
Copy link
Member

Hi @bkoprivica, you can anticipate a new IaC AWS release including release notes that include attribution for your helpful code contribution no later than tomorrow, thank you.

dhoucgitter pushed a commit that referenced this pull request Sep 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants