Use cluster role aggregation for service catalog RBAC #18251
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci-robot
added
the
size/L
|
/hold SC stuff does not go in bootstrap. @jboyd01 ping me on IRC, I will explain further. |
openshift-ci-robot
added
the
do-not-merge/hold
enj
reviewed
Jan 23, 2018
| return []rbac.ClusterRole{ | ||
| { | ||
| ObjectMeta: v1.ObjectMeta{ | ||
| Name: bootstrappolicy.AdminRoleName, |
There was a problem hiding this comment.
This PR should be a 6 line change delta where you add the appropriate label to each cluster role and give each cluster role a unique name. For example:
{
ObjectMeta: v1.ObjectMeta{
Name: "system:openshift:service-catalog:aggregate-to-admin",
Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-admin": "true"},
},
...
}
jboyd01
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
jboyd01
force-pushed
the
catalog-cluster-role-aggrigation
branch
from
fb568b6 to
0521c2d
Compare
openshift-ci-robot
added
size/S
enj
suggested changes
Jan 23, 2018
| @@ -39,18 +38,7 @@ func (h *Helper) InstallServiceCatalog(f *clientcmd.Factory, configDir, publicMa | |||
| return err | |||
| } | |||
|
|
|||
| for _, role := range GetServiceCatalogRBACDelta() { | |||
There was a problem hiding this comment.
@jboyd01 leave this as-is (there should be no changes to this file other than the GetServiceCatalogRBACDelta to GetServiceCatalogClusterRoles name change).
There was a problem hiding this comment.
Thanks, finally got it. Tests look good.
jboyd01
force-pushed
the
catalog-cluster-role-aggrigation
branch
from
0521c2d to
47f3286
Compare
openshift-ci-robot
added
size/M
jboyd01
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
enj
changed the title
enj
reviewed
Jan 24, 2018
| return errors.NewError("could not reconcile service catalog cluster role %s", role.Name).WithCause(err) | ||
| } | ||
| for _, role := range GetServiceCatalogClusterRoles() { | ||
|
|
|
/hold cancel LGTM though you need to run go fmt. |
openshift-ci-robot
removed
the
do-not-merge/hold
jboyd01
force-pushed
the
catalog-cluster-role-aggrigation
branch
from
47f3286 to
ed68d3a
Compare
openshift-ci-robot
added
size/S
|
applied go fmt |
|
/test service-catalog |
|
/test gcp |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enj, jboyd01 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
openshift-ci-robot
added
the
approved
enj
approved these changes
Jan 24, 2018
|
Automatic merge from submit-queue (batch tested with PRs 18191, 18264, 18235, 18251, 18271). |
|
Thanks for the fix, @jboyd01 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1535639
follow on from #17976