-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: (PSKD-678) viya4-aws-iac creates an incomplete IAM policy for the autoscaler Service Account redo #302
Conversation
…e autoscaler Service Account redo
This is a duplicate of #292. |
Subject: Request for Proper Attribution of My Contribution in PR #302 (PSKD-678) Hi @maintainers, I am writing to formally request that proper attribution be given to my contribution in PR #302 (PSKD-678), which has now been merged. The fix provided in PR #302 (PSKD-678) directly incorporates the solution I originally proposed in PR #292. Unfortunately, despite my significant role in resolving the IAM policy issue, there has been no acknowledgment or attribution to me in PR #302 (PSKD-678). Here are the reasons why I believe this request is necessary:
Given these points, I respectfully request that appropriate attribution be added to PR #302 (PSKD-678) to acknowledge my contribution to the fix. I believe this is in the interest of fairness and transparency, and it would ensure that contributors receive the recognition they deserve for their work. Thank you for your attention to this matter, and I look forward to your response. Best regards, |
Hi @maintainers, Allow me to clarify further: I am hereby asserting full ownership of the fix that has been incorporated in PR #302/PSKD-678, currently in staging. The specific change, which involves updates to the IAM policy, is identical to the contribution I made in PR #292, submitted on June 6, 2024. This contribution was tested in multiple environments at OPS premises back in May and June of 2024. The specific IAM policy change that I proposed—and that is now reflected in PR #302/PSKD-678—is as follows: Permissions based off the IAM Policy recommended by kubernetes/autoscalerhttps://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.25.0/cluster-autoscaler/cloudprovider/aws/README.mdhttps://github.com/kubernetes/autoscaler/blob/cluster-autoscaler-chart-9.36.0/cluster-autoscaler/cloudprovider/aws/README.mddata "aws_iam_policy_document" "worker_autoscaling" { This code, which is now integrated into PSKD-678, was directly taken from my PR (#292), which you closed without merging, thereby sidestepping your legal obligation to attribute my contribution under the Apache 2.0 license, specifically Section 4 of the license, which states:
By closing PR #292 without merging and incorporating my work into PR #302/PSKD-678, you have failed to provide the required attribution, violating my copyright and the terms of the license under which I contributed.
If these actions are not taken immediately, I reserve the right to take further steps to protect my intellectual property, including but not limited to escalating this matter legally or seeking remedies via formal DMCA channels. Your prompt attention to this matter is both legally required and expected. Best regards, |
Hi @bkoprivica, thanks for making us aware of this. We do appreciate your contribution to the project! We reviewed your proposed solution (in #292). We weren’t able to merge your PR directly from GitHub or in its entirety, because we work with most code submissions internally before merging them. We do this so we can perform some checks (unit tests, security scans, etc.) using internal tools first. In this case, we incorporated parts of your PR into a PR that we merged ourselves. Your work was very helpful in getting us on the right track! We typically work this way, but we could be clearer about that process. We've updated the project's CONTRIBUTING.md file to be more transparent about our code review process so contributors have a better idea of what to expect from us. We haven't yet issued a release of viya4-aws-iac that contains parts of your solution, but when we do, we'll be sure to acknowledge your contribution by including your GitHub ID and the original PR link in the release notes. Thanks again for contributing to our projects! |
Subject: Request for Timely Attribution Under Apache 2.0 License Hi @maintainers, Thank you for your response and for recognizing my contribution to PR #302 (PSKD-678). I appreciate the acknowledgement of my work and your intention to include attribution in the next release of the viya4-iac-aws project. I wanted to kindly point out that the Apache 2.0 license requires attribution at the time of distribution. Since the code from PR #302 has been publicly accessible on GitHub for several days, it has already been distributed to the public. With that in mind, I would greatly appreciate it if proper attribution could be added at this stage, in line with the licence's requirements. I fully understand that your process may involve future releases, and I appreciate your transparency in how you handle code contributions. However, it would be very helpful for me, and in keeping with the Apache 2.0 license, if you could update the relevant files, such as the NOTICE file or the release notes, to include my contribution in the current repository state. I believe this would resolve the issue in a smooth and timely manner. I’m confident that this small action will be straightforward to implement and will help ensure compliance with the license. I look forward to seeing the update and appreciate your understanding and cooperation. Thanks again for your time and attention to this matter. I truly value the collaboration and your efforts in maintaining this important project. Best regards, |
Hi @bkoprivica, you can anticipate a new IaC AWS release including release notes that include attribution for your helpful code contribution no later than tomorrow, thank you. |
…e autoscaler Service Account redo (#302)
We've updated the IAM cluster-autoscaler policy to address an unwanted error message
kubectl -n kube-system logs -l 'app.kubernetes.io/instance=cluster-autoscaler' --tail=-1 | grep '^E'
E0604 20:35:15.324713 1 aws_manager.go:308] Failed to get labels from EKS DescribeNodegroup API for nodegroup cas-202401... in cluster viya-... because AccessDeniedException: User: arn:aws:sts::7...
/viya-...-cluster-autoscaler/17... is not authorized to perform eks:DescribeNodegroup on resource: arn:aws:eks:ca-central-1:7...:nodegroup/viya.../cas-202401...-dea0-52....