-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: ✨ Feature/permission preflight #1282
base: main
Are you sure you want to change the base?
WIP: ✨ Feature/permission preflight #1282
Conversation
Signed-off-by: everettraven <[email protected]>
Signed-off-by: everettraven <[email protected]>
Signed-off-by: everettraven <[email protected]>
✅ Deploy Preview for olmv1 ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Note: preflight checks are run after a helm dry run, so there may be cases where permission errors are returned from our helm use before we ever hit the preflight checks. I'm not sure there is much way around this, but I haven't spent too much time thinking on this. Open to suggestions! |
Also, with this change the new status message for insufficient permissions from the preflight check looks something like: - lastTransitionTime: "2024-09-18T14:52:12Z"
message: |-
not permitted to "create" /v1, Resource=serviceaccounts
not permitted to "update" /v1, Resource=serviceaccounts
not permitted to "patch" /v1, Resource=serviceaccounts
not permitted to "delete" /v1, Resource=serviceaccounts
not permitted to "list" /v1, Resource=serviceaccounts
not permitted to "watch" /v1, Resource=serviceaccounts
not permitted to "create" /v1, Resource=configmaps
not permitted to "update" /v1, Resource=configmaps
not permitted to "patch" /v1, Resource=configmaps
not permitted to "delete" /v1, Resource=configmaps
not permitted to "list" /v1, Resource=configmaps
not permitted to "watch" /v1, Resource=configmaps
not permitted to "create" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "update" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "patch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "delete" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "list" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "watch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "create" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "update" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "patch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "delete" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "list" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "watch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "create" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "update" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "patch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "delete" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "list" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "watch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "create" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "update" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "patch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "delete" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "list" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "watch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "create" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "update" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "patch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "delete" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "list" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "watch" apiextensions.k8s.io/v1, Resource=customresourcedefinitions
not permitted to "create" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "update" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "patch" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "delete" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "list" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "watch" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "create" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "update" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "patch" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "delete" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "list" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "watch" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "create" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "update" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "patch" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "delete" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "list" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "watch" rbac.authorization.k8s.io/v1, Resource=clusterroles
not permitted to "create" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "update" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "patch" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "delete" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "list" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "watch" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "create" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "update" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "patch" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "delete" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "list" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "watch" rbac.authorization.k8s.io/v1, Resource=clusterrolebindings
not permitted to "create" /v1, Resource=services
not permitted to "update" /v1, Resource=services
not permitted to "patch" /v1, Resource=services
not permitted to "delete" /v1, Resource=services
not permitted to "list" /v1, Resource=services
not permitted to "watch" /v1, Resource=services
not permitted to "create" apps/v1, Resource=deployments
not permitted to "update" apps/v1, Resource=deployments
not permitted to "patch" apps/v1, Resource=deployments
not permitted to "delete" apps/v1, Resource=deployments
not permitted to "list" apps/v1, Resource=deployments
not permitted to "watch" apps/v1, Resource=deployments
observedGeneration: 2
reason: Failed
status: "False"
type: Installed (I still have some work to do to de-duplicate the messages) |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1282 +/- ##
==========================================
- Coverage 76.49% 75.42% -1.07%
==========================================
Files 39 40 +1
Lines 2361 2409 +48
==========================================
+ Hits 1806 1817 +11
- Misses 389 426 +37
Partials 166 166
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Description
Reviewer Checklist