New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Suggested Role Spec for Enrolling New Resources #34865
Conversation
Signed-off-by: Evan Freed <evan.freed@goteleport.com>
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wow... this was a major oversight on my part, thanks for the fix!
@evanfreed could you also add like this: integrationAccess.create && integrationAccess.list && integrationAccess.use && integrationAccess.read; |
@ibeckermayer not aware of any reason, seems to have just been an oversight and the RBAC for this wasn't properly tested. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM once @kimlisa's comment is addressed
Signed-off-by: Evan Freed <evan.freed@goteleport.com>
@evanfreed yes it needs to be backported to branch/v13 |
@evanfreed See the table below for backport results.
|
I went to
Enroll New Resource
and for bothEC2 Instance
andRDS PostgresSQL
I was given a suggested role:I copied this to my role but I got:
After review it looks like it's missing the
read
verb in the suggestion. Feel free to let me know if this is the correct place to change this.changelog: Add read verb to suggested role spec when enrolling new resources.