New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2036827: ensure GCP CredsReq has a list of ServiceAccounts #440
Bug 2036827: ensure GCP CredsReq has a list of ServiceAccounts #440
Conversation
When setting up workload-identity on GCP, require that there is at least one entry in .spec.serviceAccountNames so that we can properly restrict which k8s ServiceAccounts can use the created GCP ServiceAccount.
@joelddiaz: This pull request references Bugzilla bug 2036827, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/assign @akhil-rane |
Codecov Report
@@ Coverage Diff @@
## master #440 +/- ##
==========================================
- Coverage 46.36% 46.35% -0.02%
==========================================
Files 92 92
Lines 9204 9206 +2
==========================================
Hits 4267 4267
- Misses 4417 4418 +1
- Partials 520 521 +1
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: akhil-rane, joelddiaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/test e2e-gcp-manual-oidc |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
Nice! It's catching a real issue: |
wow! |
@joelddiaz: An error was encountered adding this pull request to the external tracker bugs for bug 2036827 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
JSONRPC error 32000: Red Hat Bugzilla's database reported a query serialization error. Most likely this occurred because another user or process attempted to change the same data that you were attempting to change. Please press Back and retry the transaction.
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@joelddiaz: This pull request references Bugzilla bug 2036827. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
okay, I might have accidentally screwed something up here |
/bugzilla refresh |
@joelddiaz: This pull request references Bugzilla bug 2036827, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
just fyi, created this PR to address the missing service accounts in the capi operator, openshift/cluster-capi-operator#26 |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
@joelddiaz: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@joelddiaz: All pull requests linked via external trackers have merged: Bugzilla bug 2036827 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/hold |
Nevermind. It already merged ¯_ (ツ)_/¯ |
When setting up workload-identity on GCP, require that there is at least
one entry in .spec.serviceAccountNames so that we can properly restrict
which k8s ServiceAccounts can use the created GCP ServiceAccount.