Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update RBAC to allow remediations that set projects templates #207

Merged
merged 2 commits into from
Feb 7, 2023
Merged

Update RBAC to allow remediations that set projects templates #207

merged 2 commits into from
Feb 7, 2023

Conversation

jhrozek
Copy link

@jhrozek jhrozek commented Jan 31, 2023

  • CO ClusterRole: Add the permissions to operate on templates.template.openshift.io
  • CO ClusterRole: Add the permissions to operator on projects.config.openshift.io

I'm working on checks and remediations that set up cluster config and projects template so that
all newly created projects include a NetworkPolicy. These RBAC rules are needed in order to create the corresponding remediations.

@jhrozek jhrozek mentioned this pull request Jan 31, 2023
Merged
@jhrozek
Copy link
Author

jhrozek commented Jan 31, 2023

/test e2e-aws

Vincent056
Vincent056 approved these changes Feb 3, 2023
View reviewed changes
Copy link

@Vincent056 Vincent056 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Feb 3, 2023
@openshift-ci
Copy link

openshift-ci bot commented Feb 3, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jhrozek, Vincent056

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jhrozek
CO ClusterRole: Add the permissions to operate on templates.template.…
8db2273 
…openshift.io

We need this permissions to be able to create templates for new
projects.
@jhrozek
CO ClusterRole: Add the permissions to operator on projects.config.op…
95750b2 
…enshift.io

We need this permission to reference project templates from the cluster
config.
@openshift-ci openshift-ci bot removed the lgtm label Feb 3, 2023
@jhrozek
Copy link
Author

jhrozek commented Feb 3, 2023

just rebased on recent master

Vincent056
Vincent056 reviewed Feb 6, 2023
View reviewed changes
Copy link

@Vincent056 Vincent056 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Feb 6, 2023
@jhrozek
Copy link
Author

jhrozek commented Feb 6, 2023

nothing to test, document or support
thanks for the review!

@jhrozek
Copy link
Author

jhrozek commented Feb 7, 2023

/test e2e-aws

1 similar comment
@jhrozek
Copy link
Author

jhrozek commented Feb 7, 2023

/test e2e-aws

@openshift-merge-robot openshift-merge-robot merged commit 09d3326 into ComplianceAsCode:master Feb 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Vincent056 Vincent056 Vincent056 approved these changes

@xiaojiey xiaojiey Awaiting requested review from xiaojiey

Assignees

@Vincent056 Vincent056

Labels
approved docs-approved lgtm px-approved qe-approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jhrozek @Vincent056 @openshift-merge-robot