New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make certificate approve/deny no-op if CSR is already approved #61971

Merged
merged 1 commit into from Mar 31, 2018

Conversation

Projects
None yet
4 participants
@smarterclayton
Contributor

smarterclayton commented Mar 31, 2018

Approval for CSRs is only needed once. If the CSR is already approved or
denied we can skip updating it. Add a --force flag that allows the
existing behavior for when a user has a specific need to update the CSR.

This is backwards compatible with the intended use of the conditions,
although it's possible some users are depending on the status being
updated. It makes bulk approval as an admin much faster for scripting.

@kubernetes/sig-auth-pr-reviews

`kubectl certificate approve|deny` will not modify an already approved or denied CSR unless the `--force` flag is provided.
Make certificate approve/deny no-op if CSR is already approved
Approval for CSRs is only needed once. If the CSR is already approved or
denied we can skip updating it. Add a `--force` flag that allows the
existing behavior for when a user has a specific need to update the CSR.

This is backwards compatible with the intended use of the conditions,
although it's possible some users are depending on the status being
updated. It makes bulk approval as an admin much faster for scripting.
@mikedanese

This comment has been minimized.

Member

mikedanese commented Mar 31, 2018

/lgtm
/retest

@k8s-ci-robot

This comment has been minimized.

Contributor

k8s-ci-robot commented Mar 31, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mikedanese, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-merge-robot

This comment has been minimized.

Contributor

k8s-merge-robot commented Mar 31, 2018

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-merge-robot

This comment has been minimized.

Contributor

k8s-merge-robot commented Mar 31, 2018

Automatic merge from submit-queue (batch tested with PRs 59533, 61971). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-merge-robot k8s-merge-robot merged commit 61cddc9 into kubernetes:master Mar 31, 2018

6 of 14 checks passed

Submit Queue Required Github CI test is not green: pull-kubernetes-e2e-gce
Details
pull-kubernetes-e2e-gce Job triggered.
Details
pull-kubernetes-e2e-gce-device-plugin-gpu Job triggered.
Details
pull-kubernetes-e2e-kops-aws Job triggered.
Details
pull-kubernetes-integration Job triggered.
Details
pull-kubernetes-kubemark-e2e-gce Job triggered.
Details
pull-kubernetes-node-e2e Job triggered.
Details
pull-kubernetes-verify Job triggered.
Details
cla/linuxfoundation smarterclayton authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-cross Skipped
pull-kubernetes-e2e-gke Skipped
pull-kubernetes-typecheck Job succeeded.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment