removing subject rules review auth and using aggregated rules. #995
Gopkg.toml
Outdated
| @@ -37,8 +37,10 @@ | |||
| version = "~1.3.0" | |||
|
|
|||
| [[constraint]] | |||
| version = "~0.2.0" | |||
| #version = "~0.2.0" | |||
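Review bot: the `[[constraint]]` block at the end of this Gopkg.toml hunk carries `#version = "~0.2.0"`, a commented-out pin, so this line no longer holds the dependency to a released version range. Restore a released version constraint before merge and delete the commented line rather than leaving it as dead configuration; a dependency that is not pinned to a release makes the vendored code depend on whatever is upstream when the lock is regenerated.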
I'm assuming we don't want these changes in the PR.
This depends on the bundle lib PR, so will update once we get a release of bundle lib.
If you are using aggregated reviews, does that impact our need for https://github.com/shawn-hurley/ansible-service-broker/blob/a85d2a365ac1fb293dae0951ee61320038649523/apb/tasks/main.yml#L8?
A couple of apb/ changes, the rest LGTM.
apb/templates/broker-user-auth.yaml
Outdated
| kind: ClusterRole | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: asb-user-access |
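Review bot: `name: asb-user-access` under `metadata:` is a fixed literal on a cluster-scoped object (`kind: ClusterRole`), so two broker deployments on one cluster would write the same role and the last apply wins. Build the name from a per-deployment variable so each broker owns its own ClusterRole and removing one deployment cannot remove access that another still relies on.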
I think this name, since it's cluster scope, should be related to the {{ broker_name }}
or...maybe not, but at least not asb-user-access 😎
apb/templates/broker-user-auth.yaml
Outdated
| metadata: | ||
| name: asb-user-access | ||
| labels: | ||
| {% if broker_sandbox_role == 'admin' %} |
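Review bot: the `{% if broker_sandbox_role == 'admin' %}` test under `labels:` is an exact string comparison, so any other value of `broker_sandbox_role`, including a typo or different casing, renders the role without the label this branch guards and raises no error. Check the variable against the set of supported values before templating, so a mis-set variable fails the deployment instead of silently changing which built-in role receives these rules.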
I think it needs to be formatted more like:
```yaml
  labels:
{% if broker_sandbox_role == 'admin' %}
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
{% endif %}
...
```
Otherwise, I think the whitespace is included.
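The whitespace point raised in the comment above, as an added example that is not part of the original review or the project's code: it renders the labels block with Jinja2 using `trim_blocks=True` and `lstrip_blocks=False`, the defaults of Ansible's template module. The role name, the `rules: []` placeholder and the `edit` value are constructed for the illustration.

```python
from jinja2 import Environment

# Assumption: same whitespace settings as Ansible's template module defaults
# (trim_blocks on, lstrip_blocks off); trailing newline kept for readability.
ENV = Environment(trim_blocks=True, lstrip_blocks=False, keep_trailing_newline=True)

# Constructed fragments: name and rules are placeholders, not the PR's values.
INDENTED_TAGS = """\
metadata:
  name: example-user-access
  labels:
    {% if broker_sandbox_role == 'admin' %}
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    {% endif %}
rules: []
"""

COLUMN0_TAGS = """\
metadata:
  name: example-user-access
  labels:
{% if broker_sandbox_role == 'admin' %}
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
{% endif %}
rules: []
"""


def render(template, role):
    """Render a fragment for one value of broker_sandbox_role."""
    return ENV.from_string(template).render(broker_sandbox_role=role)


def indent_of(rendered, key):
    """Leading spaces of the first line whose text starts with key, else None."""
    for line in rendered.splitlines():
        if line.lstrip().startswith(key):
            return len(line) - len(line.lstrip())
    return None


if __name__ == "__main__":
    for title, tpl in (("indented tags", INDENTED_TAGS), ("column-0 tags", COLUMN0_TAGS)):
        for role in ("admin", "edit"):  # "edit" stands in for any non-admin value
            print(f"--- {title}, broker_sandbox_role={role}")
            print(render(tpl, role), end="")
```

With indented tags the admin label renders at 8 spaces and `rules:` at 4, and for a non-admin value `rules:` lands nested under `labels:`; with column-0 tags the label sits at 4 spaces and `rules:` stays at the top level.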
apb/templates/broker-user-auth.yaml
Outdated
| @@ -0,0 +1,17 @@ | |||
| --- | |||
| kind: ClusterRole | |||
The only thing I don't see is this template being used in deployment.
I am very confused by this statement, sorry. Can you explain what I need to do?
I would expect to see broker-user-auth.yaml somewhere in this list (https://github.com/shawn-hurley/ansible-service-broker/blob/a85d2a365ac1fb293dae0951ee61320038649523/apb/tasks/main.yml#L54) in order for the broker-user-auth ClusterRole to be created.
Yes, I think the default should be authorization for both k8s and openshift.
On Tue, Jun 26, 2018 at 10:54 AM David Zager wrote:
> If you are using aggregated reviews, does that impact our need for https://github.com/shawn-hurley/ansible-service-broker/blob/a85d2a365ac1fb293dae0951ee61320038649523/apb/tasks/main.yml#L8?
9cee5d8 to db56742
ae7ca30 to 8eec92c
LGTM
Describe what this PR does and why we need it:
Implementation of https://trello.com/c/fiOSsq1Q
Changes proposed in this pull request
Does this PR depend on another PR (Use this to track when PRs should be merged)
depends-on
automationbroker/bundle-lib#112