Skip to content

[release/v25.1.x] feat(operator): implement role membership reconciliation (#1192) #1193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
github-actions wants to merge 1 commit into from
Closed

[release/v25.1.x] feat(operator): implement role membership reconciliation (#1192) #1193

github-actions wants to merge 1 commit into from

Conversation

@github-actions
Copy link

@github-actions github-actions bot commented Dec 2, 2025

Backport

This will backport the following commits from main to release/v25.1.x:

Questions ?

Please refer to the Backport tool documentation

@sago2k8
feat(operator): implement role membership reconciliation (#1192)
6156f51 
* feat(operator): implement role membership reconciliation

- Add ManagedPrincipals status field to track membership management
- Update controller to reconcile membership changes (add/remove/clear)
- Add ClearPrincipals method for transitioning to unmanaged mode
- Add comprehensive unit tests for membership updates
- Add acceptance tests for principals management scenarios

Implements strict membership management where operator reconciles
all members in spec. When spec.principals is empty/nil, operator
stops managing membership (managedPrincipals=false).

* chore: add changelog entry for role membership reconciliation

* fix(acceptance): update test for always-manage-role pattern

The operator always takes full ownership of roles it manages,
regardless of whether they pre-existed. Updated the authorization-only
test to expect role deletion when the CRD is removed.

Also updated controller to set managedRole=true when managing
pre-existing roles to ensure proper cleanup.

(cherry picked from commit 7b1c1df)

# Conflicts:
#	acceptance/features/role-crds.feature
#	acceptance/steps/register.go
#	acceptance/steps/roles.go
#	operator/api/applyconfiguration/redpanda/v1alpha2/rolestatus.go
#	operator/api/redpanda/v1alpha2/role_types.go
#	operator/api/redpanda/v1alpha2/testdata/crd-docs.adoc
#	operator/config/crd/bases/cluster.redpanda.com_redpandaroles.yaml
#	operator/internal/controller/redpanda/role_controller.go
#	operator/internal/controller/redpanda/role_controller_test.go
#	operator/pkg/client/roles/client.go
@github-actions github-actions bot mentioned this pull request Dec 2, 2025
Merged
@RafalKorepta
Copy link
Contributor

RafalKorepta commented Dec 2, 2025

Back port is not needed

@RafalKorepta RafalKorepta deleted the backport/release/v25.1.x/pr-1192 branch December 12, 2025 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RafalKorepta RafalKorepta Awaiting requested review from RafalKorepta RafalKorepta is a code owner

@chrisseto chrisseto Awaiting requested review from chrisseto chrisseto is a code owner

@andrewstucki andrewstucki Awaiting requested review from andrewstucki andrewstucki is a code owner

@gene-redpanda gene-redpanda Awaiting requested review from gene-redpanda gene-redpanda is a code owner

Assignees

@sago2k8 sago2k8

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@RafalKorepta @sago2k8