Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX: For CSA to SSA migration, we need UPDATE permission on the resource (not the sub-resource) #218

Merged
merged 1 commit into from
Oct 30, 2023
Merged

FIX: For CSA to SSA migration, we need UPDATE permission on the resource (not the sub-resource) #218

merged 1 commit into from
Oct 30, 2023

Conversation

inteon
Copy link
Member

@inteon inteon commented Oct 30, 2023

We made a mistake in #191.
To migrate from CSA to SSA, we need to be able to UPDATE the resource (not the sub-resource).
The update operation is performed here:

trust-manager/pkg/bundle/bundle.go

Line 491 in 0418012

return true, b.directClient.Update(ctx, obj)

To avoid these problems in the future, we should run our integration tests using a non-admin service account (so we also test our RBAC configs).

@inteon
for CSA to SSA migration, we need UPDATE permission on the resource (…
582f543 
…not the sub-resource)

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@inteon inteon requested a review from erikgb October 30, 2023 09:28
@jetstack-bot jetstack-bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 30, 2023
@inteon
Copy link
Member Author

inteon commented Oct 30, 2023

/test pull-trust-manager-smoke

erikgb
erikgb approved these changes Oct 30, 2023
View reviewed changes
Copy link
Contributor

@erikgb erikgb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Oct 30, 2023
@jetstack-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erikgb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 30, 2023
@jetstack-bot jetstack-bot merged commit 2b7cec2 into cert-manager:main Oct 30, 2023
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erikgb erikgb erikgb approved these changes

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@inteon @jetstack-bot @erikgb