Rename ClusterRoles created by OperatorGroups #3035
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tmshort The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
Update of #2991 |
|
/hold Until we have plans for cleanup, and if anything will be backported. |
openshift-ci
bot
added
the
do-not-merge/hold
|
/retest |
| "": { | ||
| &rbacv1.ClusterRole{ | ||
| ObjectMeta: metav1.ObjectMeta{ | ||
| ResourceVersion: "", |
There was a problem hiding this comment.
nit: can remove these empty fields
| @@ -5366,7 +5793,10 @@ func RequireObjectsInCache(t *testing.T, lister operatorlister.OperatorLister, n | |||
| require.Failf(t, "couldn't find expected object", "%#v", object) | |||
| } | |||
| if err != nil { | |||
| return fmt.Errorf("namespace: %v, error: %v", namespace, err) | |||
| if apierrors.IsNotFound(err) { | |||
There was a problem hiding this comment.
What's the meaning of this change?
There was a problem hiding this comment.
It was in @perdasilva's change that I pulled in directly. Line numbers are probably a bit different due to reverting format-only changes.
Looks as though it's trying to avoid double-wrapping the error.
|
Content looks good, just nits. /lgtm |
openshift-ci
bot
added
lgtm
tmshort
force-pushed
the
PR-2991-new
branch
from
540da95
to
58050e1
Compare
|
/lgtm |
tmshort
force-pushed
the
PR-2991-new
branch
from
58050e1
to
88725b8
Compare
|
/unhold |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/lgtm |
When an OperatorGroup creates a ClusterRole, it's based directly on the OG name with a suffix, this causes two issues: 1. same-named OGs in different namespaces overwrite each others CRs 2. there are some very important CRs that could be overwritten by OG Tests added. Signed-off-by: Per Goncalves da Silva <[email protected]> Signed-off-by: Todd Short <[email protected]>
Signed-off-by: Todd Short <[email protected]>
tmshort
force-pushed
the
PR-2991-new
branch
from
88725b8
to
94f840b
Compare
|
/lgtm |
Description of the change:
When an OperatorGroup creates a ClusterRole, it's based directly on the OG name with a suffix, this causes two issues:
Tests added.
Motivation for the change:
The ClusterRoles created by an OperatorGroup can conflict with existing CRs and with CRs created by OGs.
Architectural changes:
Naming of these OG CRs change, but since they're aggregated, admins shouldn't really be using them, so the new names shouldn't matter.
There will be a need to clean up the old roles, but that could potentially be dangerous.
Testing remarks:
Reviewer Checklist
/doc[FLAKE]are truly flaky and have an issue