[SREP-3267] - fix rbac to apply to backplane users.#500
[SREP-3267] - fix rbac to apply to backplane users.#500Mhodesty wants to merge 2 commits intoopenshift:masterfrom
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
WalkthroughAdded RBAC aggregation label to a ClusterRole resource enabling view role group aggregation. Changed SelectorSyncSet resourceApplyMode from Sync to Upsert for resource reconciliation behavior in OLM registry template configuration. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
openshift-ci
bot
added
the
approved
|
/lgtm |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #500 +/- ##
=======================================
Coverage 56.26% 56.26%
=======================================
Files 31 31
Lines 2851 2851
=======================================
Hits 1604 1604
Misses 1137 1137
Partials 110 110 🚀 New features to boost your workflow:
|
|
/remove-hold |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: clcollins, Mhodesty The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
New changes are detected. LGTM label has been removed. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@hack/pko/clusterpackage-direct.yaml`:
- Around line 12-13: The IMAGE_DIGEST parameter is declared required but never
used; either remove the IMAGE_DIGEST parameter or update the manifest to
reference it in the pod image field: modify the spec.image (where PKO_IMAGE is
used) to include the digest (e.g., use the pattern ${PKO_IMAGE}@${IMAGE_DIGEST})
so IMAGE_DIGEST is consumed, or delete the IMAGE_DIGEST parameter declaration if
the digest is not needed; update any related documentation or parameter lists
accordingly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: e8f234a8-ac33-4792-887e-d52ef3ffbf9b
📒 Files selected for processing (2)
hack/olm-registry/olm-artifacts-template.yamlhack/pko/clusterpackage-direct.yaml
hack/pko/clusterpackage-direct.yaml
Outdated
| - name: IMAGE_DIGEST | ||
| required: true |
There was a problem hiding this comment.
IMAGE_DIGEST is required but unused.
The IMAGE_DIGEST parameter is marked as required but is not referenced anywhere in the template objects. Either remove this parameter or update the spec.image to use the digest (e.g., ${PKO_IMAGE}@${IMAGE_DIGEST} if that's the intended format).
Proposed fix (if parameter is unnecessary)
- - name: IMAGE_DIGEST
- required: true📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: IMAGE_DIGEST | |
| required: true |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@hack/pko/clusterpackage-direct.yaml` around lines 12 - 13, The IMAGE_DIGEST
parameter is declared required but never used; either remove the IMAGE_DIGEST
parameter or update the manifest to reference it in the pod image field: modify
the spec.image (where PKO_IMAGE is used) to include the digest (e.g., use the
pattern ${PKO_IMAGE}@${IMAGE_DIGEST}) so IMAGE_DIGEST is consumed, or delete the
IMAGE_DIGEST parameter declaration if the digest is not needed; update any
related documentation or parameter lists accordingly.
Mhodesty
force-pushed
the
SREP-3267-fix-rbac
branch
from
70eaae1 to
4c11dfc
Compare
Mhodesty
force-pushed
the
SREP-3267-fix-rbac
branch
from
4c11dfc to
d93a7f4
Compare
|
@Mhodesty: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
3 participants
With PKO replacing OLM, these CRD-generated ClusterRoles are no longer created, causing backplane users to lose view access to
clusterurlmonitorsandroutemonitorswithout elevation.Changes
deploy_pko/ClusterRole-route-monitor-operator-dedicated-admins-cluster.yamlwith:rbac.authorization.k8s.io/aggregate-to-view: "true"- restores backplane access viaviewaggregationmanaged.openshift.io/aggregate-to-dedicated-admins: "cluster"- restores dedicated-admin accessTest plan
oc get clusterurlmonitorswithout elevationoc get routemonitorswithout elevation