Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove priority from container-build SCC #1605

Closed

Conversation

amisevsk
Copy link
Contributor

What does this PR do?

Remove the priority field from the container-build SCC that is created by Che. Previously this field was introduced to workaround issue devfile/devworkspace-operator#884, and is no longer required since eclipse-che/che#21770 is resolved.

Screenshot/screencast of this PR

N/A

What issues does this PR fix or reference?

Closes eclipse-che/che#21959

How to test this PR?

  1. Install Che, enable container-build in CheCluster. Note that in current builds of Che, DevWorkspace Operator v0.18.0 and higher is required.
  2. Create an SCC we don't intend to use: https://gist.github.com/l0rd/87337c08ecf414499681261f9fbcebe2
  3. Start a workspace and verify that container build works as intended; container-build SCC is used instead of the restricted-runasuser SCC created in step 2

PR Checklist

As the author of this Pull Request I made sure that:

Reviewers

Reviewers, please comment how you tested the PR when approving it.

Previously-applied workaround is no longer necessary, as SCC selection
was fixed with eclipse-che/che#21770.

Signed-off-by: Angel Misevski <[email protected]>
@openshift-ci
Copy link

openshift-ci bot commented Jan 26, 2023

@amisevsk: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/v11-operator-test 09b0947 link true /test v11-operator-test

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Copy link
Member

@ibuziuk ibuziuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Copy link
Member

@ibuziuk ibuziuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tolusha we should backport it to 7.58.x to have it in 3.4 I believe

@openshift-ci
Copy link

openshift-ci bot commented Jan 26, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: amisevsk, ibuziuk

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ibuziuk
Copy link
Member

ibuziuk commented Jan 26, 2023

after a discussion with @amisevsk looks like we also need to backport #1576 to 7.58.x

@amisevsk
Copy link
Contributor Author

amisevsk commented Jan 26, 2023

Specifically, backporting #1549 (which is part of #1576) is required if this PR is backported. In the backport, #1596 should also be included, as #1549 uses the incorrect value for allowPrivilegeEscalation

@tolusha
Copy link
Contributor

tolusha commented Jan 27, 2023

Should be closed in favor of #1606

@amisevsk amisevsk closed this Jan 27, 2023
@amisevsk amisevsk deleted the container-build-scc-priority branch January 27, 2023 16:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Do not set priority on container-build SCC when container-build is enabled
3 participants