-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move rbacs for config reader to a separate handler #1441
Move rbacs for config reader to a separate handler #1441
Conversation
Pull Request Test Coverage Report for Build 1033551036
💛 - Coveralls |
ffbac94
to
6c1e367
Compare
hco-e2e-image-index-azure, hco-e2e-image-index-aws lanes succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-image-index-gcp In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
hco-e2e-kv-smoke-azure lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-gcp In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
We need to check if we can entirely take it out of the code, letting OLM manage it. The main problem with creating rbacs from the code is that HCO must have permissions for that, and we need to avoid such permmissions. Can we move it to the CSV? |
@nunnatsa My understanding from the discussions in the PR below, it is not possible to create Role&RoleBinding with CSV |
pkg/controller/operands/cdi.go
Outdated
|
||
return nil | ||
} | ||
func (h *cdiHooks) postFound(req *common.HcoRequest, exists runtime.Object) error { return nil } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the one and only real implementation of the postFound
function. Please remove it from the interface and delete all the empty implementations (and the function call too).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
If I correctly recall the specific problem was that a serviceAccountName was mandatory in the CSV while the console is impersonating the connected user while reading that config map. |
As far as I can see, this is still the case. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please see one comment about postFound
Signed-off-by: Erkan Erol <eerol@redhat.com>
It was necessary for configreader role&rolebinding in cdi hooks but we moved them to separate handlers now. We don't need this function anymore. Signed-off-by: Erkan Erol <eerol@redhat.com>
6c1e367
to
3cc9a24
Compare
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nunnatsa The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
hco-e2e-image-index-aws lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-image-index-gcp In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
@erkanerol: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
hco-e2e-kv-smoke-azure lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-gcp In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
hco-e2e-upgrade-index-azure lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-index-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
Signed-off-by: Erkan Erol eerol@redhat.com
With this PR, hco operator w,ill start reconciling
hco.kubevirt.io:config-reader
Role&RoleBinding strictly like other operands. After this PR, changes on these operands will be overwritten immediately without requiring any change on CDI or HCO CRs.Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1963963
Reviewer Checklist
Release note: