Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow RO permissions for cluster maintenance config #41744

Merged
merged 2 commits into from
May 20, 2024
Merged

Allow RO permissions for cluster maintenance config #41744

merged 2 commits into from
May 20, 2024

Conversation

bernardjkim
Copy link
Contributor

@bernardjkim bernardjkim commented May 18, 2024
edited

Closes #41027

This PR adds cluster_maintenance_config read only permissions to the preset access role.

tctl get cmc
kind: cluster_maintenance_config
metadata:
  name: cluster-maintenance-config
nonce: 28658
spec:
  agent_upgrades:
    utc_start_hour: 16
version: v1

changelog: Add read-only permissions for cluster maintenance config

@github-actions GitHub Actions
Copy link

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

@zmb3
Copy link
Collaborator

zmb3 commented May 18, 2024

Does this work even on a cluster where access already exists?

@strideynet
Copy link
Contributor

Does this work even on a cluster where access already exists?

My understanding is that services.AddRoleDefaults manages adding new resources to the default roles.

@bernardjkim
Copy link
Contributor Author

Does this work even on a cluster where access already exists?

Just tested, it looks like, yes, existing access roles will be updated after the auth is re-initialized. From what I can tell this is only for the preset roles though https://github.com/gravitational/teleport/blob/master/lib/auth/init.go#L918

@bernardjkim bernardjkim added this pull request to the merge queue May 20, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks May 20, 2024
@bernardjkim bernardjkim added this pull request to the merge queue May 20, 2024
Merged via the queue into master with commit 1bfcbb9 May 20, 2024
37 checks passed
@bernardjkim bernardjkim deleted the bernard/cmc-read branch May 20, 2024 17:24
@public-teleport-github-review-bot
Copy link

@bernardjkim See the table below for backport results.

Branch Result
branch/v13 Create PR
branch/v14 Create PR
branch/v15 Create PR

This was referenced May 20, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gabrielcorado gabrielcorado gabrielcorado approved these changes

@strideynet strideynet strideynet approved these changes

Assignees
No one assigned
Labels
backport/branch/v13 backport/branch/v14 backport/branch/v15 size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow read access to the Cluster Maintenance Config
4 participants
@bernardjkim @zmb3 @strideynet @gabrielcorado