Skip to content
This repository has been archived by the owner on Jun 26, 2023. It is now read-only.

Let HNC propagate builtin admin rolebindings #776

Merged
merged 1 commit into from
May 27, 2020
Merged

Let HNC propagate builtin admin rolebindings #776

merged 1 commit into from
May 27, 2020

Conversation

adrianludwin
Copy link
Contributor

I think HNC used to be able to propagate the admin role, but there
were several permission (deletecollection, impersonate) that don't
appear to be working in 1.15. I've now added these permissions to the
HNC service account so it can grant them.

Tested: new hack/test-issue-772.sh verifies that HNC can propagate the
admin builtin; it fails without this change and passes with it. The
existing hack/test-issue-771.sh, which uses cluster-admin, continues
to be unpropagateable as expected.

Fixes #772

/assign @yiqigao217

@adrianludwin
Let HNC propagate builtin admin rolebindings
72188b1 
I _think_ HNC used to be able to propagate the `admin` role, but there
were several permission (deletecollection, impersonate) that don't
appear to be working in 1.15. I've now added these permissions to the
HNC service account so it can grant them.

Tested: new hack/test-issue-772.sh verifies that HNC can propagate the
`admin` builtin; it fails without this change and passes with it. The
existing hack/test-issue-771.sh, which uses `cluster-admin`, continues
to be unpropagateable as expected.
@adrianludwin adrianludwin added this to the hnc-v0.4 milestone May 27, 2020
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 27, 2020
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 27, 2020
yiqigao217
yiqigao217 approved these changes May 27, 2020
View reviewed changes
Copy link
Contributor

@yiqigao217 yiqigao217 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm Indicates that a PR is ready to be merged. label May 27, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adrianludwin, yiqigao217

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 37f2f34 into kubernetes-retired:master May 27, 2020
@adrianludwin adrianludwin deleted the prop-admin branch May 27, 2020 18:10
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@yiqigao217 yiqigao217 yiqigao217 approved these changes

@JimBugwadia JimBugwadia Awaiting requested review from JimBugwadia

@tashimi tashimi Awaiting requested review from tashimi

Assignees

@yiqigao217 yiqigao217

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
hnc-v0.4
Development

Successfully merging this pull request may close these issues.

HNC: cannot propagate "admin" rolebindings anymore
3 participants
@adrianludwin @k8s-ci-robot @yiqigao217