Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix operator RBAC rules #1084

Merged
merged 2 commits into from
Jun 12, 2023
Merged

Fix operator RBAC rules #1084

merged 2 commits into from
Jun 12, 2023

Conversation

SimonBaeumer
Copy link
Member

@SimonBaeumer SimonBaeumer commented Jun 12, 2023
edited
Loading

Description

Fix RBAC operator rules in fleetshard deployment.
These were missing when the fleetshard-based installation was introducded.
Currently this operator installation is protected by a feature flag and not used in production.

Checklist (Definition of Done)

  • Unit and integration tests added
  • Added test description under Test manual
  • Documentation added if necessary (i.e. changes to dev setup, test execution, ...)
  • CI and all relevant tests are passing
  • Add the ticket number to the PR title if available, i.e. ROX-12345: ...
  • Discussed security and business related topics privately. Will move any security and business related topics that arise to private communication channel.
  • Add secret to app-interface Vault or Secrets Manager if necessary
  • RDS changes were e2e tested manually
  • Check AWS limits are reasonable for changes provisioning new resources

Test manual

  • needs to be added later

@SimonBaeumer SimonBaeumer requested a review from kurlov June 12, 2023 12:10
@SimonBaeumer SimonBaeumer temporarily deployed to development June 12, 2023 12:10 — with GitHub Actions Inactive
@SimonBaeumer SimonBaeumer temporarily deployed to development June 12, 2023 12:10 — with GitHub Actions Inactive
@SimonBaeumer SimonBaeumer temporarily deployed to development June 12, 2023 12:10 — with GitHub Actions Inactive
@SimonBaeumer SimonBaeumer requested a review from ludydoo June 12, 2023 12:11
ludydoo
ludydoo approved these changes Jun 12, 2023
View reviewed changes
fleetshard/pkg/central/charts/data/rhacs-operator/templates/rhacs-operator-role.yaml Outdated
kind: ClusterRole
metadata:
name: rhacs-operator
namespace: stackrox-operator
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is superfluous for cluster-scoped resources

fleetshard/pkg/central/charts/data/rhacs-operator/templates/rhacs-operator-role.yaml
subjects:
- kind: ServiceAccount
name: rhacs-operator-controller-manager
namespace: stackrox-operator
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be rhacs?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, stackrox-operator is currently used for the operator deployment. It changes eventually to rhacs.

@openshift-ci openshift-ci bot added the lgtm label Jun 12, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 12, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ludydoo, SimonBaeumer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot removed the lgtm label Jun 12, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 12, 2023

New changes are detected. LGTM label has been removed.

@SimonBaeumer SimonBaeumer temporarily deployed to development June 12, 2023 12:55 — with GitHub Actions Inactive
@SimonBaeumer SimonBaeumer temporarily deployed to development June 12, 2023 12:55 — with GitHub Actions Inactive
@SimonBaeumer SimonBaeumer temporarily deployed to development June 12, 2023 12:55 — with GitHub Actions Inactive
@SimonBaeumer SimonBaeumer enabled auto-merge (squash) June 12, 2023 12:56
@SimonBaeumer SimonBaeumer merged commit 1987179 into main Jun 12, 2023
@SimonBaeumer SimonBaeumer deleted the sb/fix-operator-rbac-test branch June 12, 2023 13:43
@vladbologa vladbologa mentioned this pull request Jun 12, 2023
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ludydoo ludydoo ludydoo approved these changes

@kurlov kurlov Awaiting requested review from kurlov

Assignees

@ludydoo ludydoo

Labels
approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SimonBaeumer @ludydoo