Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

account-roles: Merge compatible policies #482

Merged

Conversation

vkareh
Copy link
Member

@vkareh vkareh commented Oct 12, 2021

Since newer policies build upon the previous one, we merge all versions
of the policies. This allows customers to have account roles that have
compatible policies with all supported OpenShift versions.

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 12, 2021
@vkareh vkareh force-pushed the SDA-4888/merge-policy-versions branch 3 times, most recently from bbfdba6 to 17e71b5 Compare October 13, 2021 17:50
@ciaranRoche
Copy link
Member

Had no issue creating account roles, and getting a cluster to waiting state. Got the following error when creating the operator roles

There was an error creating the operator roles: Unable to load file templates/policies/4.8/operator_iam_role_policy.json: Asset templates/policies/4.8/operator_iam_role_policy.json not found

@vkareh should the template change be done in this MR, or will it be handled in a follow up?

@vkareh vkareh force-pushed the SDA-4888/merge-policy-versions branch from 17e71b5 to bc3187e Compare October 14, 2021 12:35
@vkareh
Copy link
Member Author

vkareh commented Oct 14, 2021

@ciaranRoche

should the template change be done in this MR, or will it be handled in a follow up?

No, that's a bug you found 😆
I've pushed a fixed commit now

Since newer policies build upon the previous one, we merge all versions
of the policies. This allows customers to have account roles that have
compatible policies with all supported OpenShift versions.
Instead of having permission policies inline in the account roles, we
create separate policy documents and attach them.
@vkareh vkareh force-pushed the SDA-4888/merge-policy-versions branch from bc3187e to 212fab4 Compare October 14, 2021 15:15
@ciaranRoche
Copy link
Member

/lgtm

Verified 👍

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 15, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 15, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ciaranRoche, vkareh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants