From f9f9d39f1828d72f445e4920b37fe190871c6ceb Mon Sep 17 00:00:00 2001 From: Michaela Parilova Date: Tue, 23 Jul 2024 14:23:54 +0200 Subject: [PATCH] OCM-7875 | fix: Do not allow managed policies role without hcp flag --- cmd/create/operatorroles/cmd.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/cmd/create/operatorroles/cmd.go b/cmd/create/operatorroles/cmd.go index c44be6a205..424c8e50aa 100644 --- a/cmd/create/operatorroles/cmd.go +++ b/cmd/create/operatorroles/cmd.go @@ -185,6 +185,18 @@ func run(cmd *cobra.Command, argv []string) { os.Exit(1) } + if !args.hostedCp && args.installerRoleArn != "" { + managedPolicies, err := r.AWSClient.HasManagedPolicies(args.installerRoleArn) + if err != nil { + r.Reporter.Errorf("Failed to determine if cluster has managed policies: %v", err) + os.Exit(1) + } + if managedPolicies { + r.Reporter.Errorf("The managed policies are not supported for classic operator-roles.") + os.Exit(1) + } + } + var cluster *cmv1.Cluster if args.prefix == "" { cluster = r.FetchCluster()