-
Notifications
You must be signed in to change notification settings - Fork 826
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
*: Fix dashboard's token generation RBAC YAML #3370
*: Fix dashboard's token generation RBAC YAML #3370
Conversation
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
Welcome @Garima-Negi! |
e6b39cf
to
b9198fb
Compare
Codecov Report
@@ Coverage Diff @@
## master #3370 +/- ##
=========================================
Coverage ? 40.08%
=========================================
Files ? 166
Lines ? 14187
Branches ? 0
=========================================
Hits ? 5687
Misses ? 8065
Partials ? 435 Continue to review full report at Codecov.
|
Thanks for your contribution! Please update the CHANGELOG.md, rest LGTM |
- apiGroups: | ||
- chaos-mesh.org | ||
- apiGroups: ["chaos-mesh.org"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not get the point.
apiGroups:
- chaos-mesh.org
apiGroups: ["chaos-mesh.org"]
they introduce the same meaning.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It didn't work for me with the existing yaml until I fixed it as linked here https://kubernetes.io/docs/reference/access-authn-authz/rbac/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A little weird but it could still work. I have no reason to block this PR.
Hi @Garima-Negi , could you append an entry into the CHANGELOG.md about this PR? ❤️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@Garima-Negi please fix the DCO, you can click details for more information |
7f1e543
to
3bb655f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
3bb655f
to
498c070
Compare
498c070
to
5880d57
Compare
* perf: make the Scope render conditionally Signed-off-by: Yue Yang <g1enyy0ung@gmail.com> * chore: update changelog Signed-off-by: Yue Yang <g1enyy0ung@gmail.com> Signed-off-by: Yue Yang <g1enyy0ung@gmail.com> Signed-off-by: STRRL <im@strrl.dev>
Signed-off-by: Garima Negi <garima.negi@segment.com> Signed-off-by: STRRL <im@strrl.dev>
Signed-off-by: Garima Negi <garima.negi@segment.com> Signed-off-by: STRRL <im@strrl.dev>
Signed-off-by: STRRL <im@strrl.dev>
5880d57
to
0b2d275
Compare
/merge |
/merge cancel This PR requires updates on CHANEGLOG. |
Signed-off-by: STRRL <im@strrl.dev>
/merge |
This pull request has been accepted and is ready to merge. Commit hash: 94aa633
|
@Garima-Negi: Your PR was out of date, I have automatically updated it for you. At the same time I will also trigger all tests for you: /run-all-tests If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository. |
What problem does this PR solve?
This PR introduces a change to the rbac.yaml file that is shown to user when generating a new token for using chaosmesh dashboard.
What's changed and how it works?
Existing yaml is incorrect for apiGroup chaos-mesh.org and does not add the required verbs/resources in rule section.
This results in errors on dashboard "cannot list resource PodChaos" etc.for all types of resources
After fix, the rule is created correctly:
{APIGroups:["[chaos-mesh.org](http://chaos-mesh.org/)"], Resources:["*"], Verbs:["get" "list" "watch" "create" "delete" "patch" "update"]}
The fix is aligned with https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Related changes
not sure of remaining options in PR description
chaos-mesh/website
Dashboard UI
Checklist
CHANGELOG
CHANGELOG.md
Tests
Side effects
Release note
DCO
If you find the DCO check fails, please run commands like below (Depends on the actual situations. For example, if the failed commit isn't the most recent) to fix it: