Backport of [NET-9500] Cleanup orphaned inline-certs and acl role/policy into release/1.3.x #4121
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #4067 to be assessed for backporting due to the inclusion of the label backport/1.3.x.
🚨
The person who merged in the original PR is:
@jm96441n
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.
The below text is copied from the body of the original PR.
Changes proposed in this PR
How I've tested this PR
Run/Write tests
Manual Testing:
8501
to the consul server instanceconsul acl role list
and you will see the shared"managed-gateway-acl-role"
consul acl policy list
and you will see the shared"api-gateway-token-policy"
consul acl binding-rule list
and you will see the shared binding-rules referencing bothmanaged-gateway-acl-role
consul config list -kind inline-certificate
and you will see an inline certificate listedconsul_values.yaml
uncomment lines 3 and 4 and comment lines 4 and 5 (also make sure you build consul-k8s from this branch and have an up to date build of main of consul)export CONSUL_K8S_CHARTS_LOCATION="$HOME/hashi/consul-k8s/charts/consul"
and replace the value being set with the location of the helm charts in your local copy of consul-k8shelm upgrade --install consul $CONSUL_K8S_CHARTS_LOCATION -f ./consul_values.yaml -n consul --create-namespace --wait
to install the new version of consul-k8s that you builtconsul acl role list
and you will not see the shared"managed-gateway-acl-role"
consul acl policy list
and you will not see the shared"api-gateway-token-policy"
consul acl binding-rule list
and you will not see the shared binding-rules referencingmanaged-gateway-acl-role
consul config list -kind inline-certificate
and you will see no inline certificates listedHow I expect reviewers to test this PR
read the code
run the tests
do the above steps
Checklist
Overview of commits