Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Openshift] Admin user can disable auto creation of RBAC resources #412

Merged
merged 1 commit into from
Oct 7, 2021
Merged

[Openshift] Admin user can disable auto creation of RBAC resources #412

merged 1 commit into from
Oct 7, 2021

Conversation

savitaashture
Copy link
Contributor

@savitaashture savitaashture commented Sep 20, 2021
edited
Loading

Changes

This PR provides a way to admin user to disable auto creation of RBAC resources at cluster level
At cluster level

  • Set
  params:
  - name: createRbacResource
    value: false

in TektonConfig CR

TEP: openshift-pipelines/enhancements#3

/cc @nikhil-thomas @vdemeester @sm43

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide for more details.

Release Notes

Admin can disable auto creation of RBAC resources (ServiceAccount, RoleBinding, SCCRoleBinding, CABundlesConfigMap and add openshift-pipelines-clusterinterceptors ClusterRoleBinding) at cluster level.

@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Sep 20, 2021
@tekton-robot
Copy link
Contributor

@savitaashture: GitHub didn't allow me to request PR reviews from the following users: ppitonak.

Note that only tektoncd members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

Not sure whether we can clean the label as part of Operator uninstall as label is injected by user and not by Operator so i am thinking let user remove it based on their use case
But i may be wrong in considering end user scenario

/cc @ppitonak @vdemeester

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@savitaashture savitaashture force-pushed the rbac-rsource-disable branch 3 times, most recently from 5870e00 to 9ce749c Compare September 20, 2021 15:14
@vdemeester
Copy link
Member

/hold

@tekton-robot tekton-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 21, 2021
@savitaashture savitaashture force-pushed the rbac-rsource-disable branch 2 times, most recently from bbb9410 to 76bb9b0 Compare September 23, 2021 04:36
@tekton-robot tekton-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 24, 2021
@savitaashture savitaashture changed the title Option to disable the default creation of RBAC resources [WIP] Option to disable the default creation of RBAC resources Sep 27, 2021
@tekton-robot tekton-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 27, 2021
@tekton-robot tekton-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 28, 2021
@savitaashture savitaashture changed the title [WIP] Option to disable the default creation of RBAC resources Option to disable the default creation of RBAC resources Sep 28, 2021
@tekton-robot tekton-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 28, 2021
@savitaashture
Copy link
Contributor Author

/hold cancel

@tekton-robot tekton-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 28, 2021
@savitaashture savitaashture changed the title Option to disable the default creation of RBAC resources [Openshift] Admin user can disable auto creation of RBAC resources Sep 30, 2021
@savitaashture
Copy link
Contributor Author

@nikhil-thomas as per the discussion I have updated PR
PTAL

@sm43
Copy link
Member

sm43 commented Oct 4, 2021

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 4, 2021
@sm43
Copy link
Member

sm43 commented Oct 4, 2021
edited
Loading

/hold
to address some minor comments 😅
also @nikhil-thomas ptal :)

@tekton-robot tekton-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 4, 2021
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Oct 4, 2021
@savitaashture
Copy link
Contributor Author

/hold to address some minor comments sweat_smile also @nikhil-thomas ptal :)

@sm43 fixed review comments

@tekton-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@nikhil-thomas
Copy link
Member

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 7, 2021
@savitaashture
Copy link
Contributor Author

/hold cancel

@tekton-robot tekton-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 7, 2021
@tekton-robot tekton-robot merged commit 82683a0 into tektoncd:main Oct 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sm43 sm43 sm43 left review comments

@nikhil-thomas nikhil-thomas nikhil-thomas left review comments

@vdemeester vdemeester vdemeester approved these changes

@pradeepitm12 pradeepitm12 Awaiting requested review from pradeepitm12

Assignees

@nikhil-thomas nikhil-thomas

@sm43 sm43

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@savitaashture @tekton-robot @vdemeester @sm43 @nikhil-thomas