Skip to content

Fix RBAC in multicluster tool #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 9, 2025
Merged

Fix RBAC in multicluster tool #99

merged 1 commit into from
May 9, 2025

Conversation

lucian-tosa
Copy link
Contributor

@lucian-tosa lucian-tosa commented May 9, 2025
edited
Loading

Summary

Our multicluster CLI tool didn't treat the "IsAlreadyExists" errors properly so some roles and clusterrolebindings were not updated when upgrading the operator.

Proof of Work

You can see that clusterrolebindings now are applied to the new service account, and the operator doesn't print any errors related to RBAC in the logs.

Here are the clusterrolebindings and the operator logs before.

Checklist

  • Have you linked a jira ticket and/or is the ticket in the title?
  • Have you checked whether your jira ticket required DOCSP changes?
  • Have you checked for release_note changes?

Reminder (Please remove this when merging)

  • Please try to Approve or Reject Changes the PR, keep PRs in review as short as possible
  • Our Short Guide for PRs: Link
  • Remember the following Communication Standards - use comment prefixes for clarity:
    • blocking: Must be addressed before approval.
    • follow-up: Can be addressed in a later PR or ticket.
    • q: Clarifying question.
    • nit: Non-blocking suggestions.
    • note: Side-note, non-actionable. Example: Praise
    • --> no prefix is considered a question

@lucian-tosa lucian-tosa marked this pull request as ready for review May 9, 2025 10:53
@lucian-tosa lucian-tosa requested a review from a team as a code owner May 9, 2025 10:53
@lucian-tosa lucian-tosa requested review from m1kola and MaciejKaras May 9, 2025 10:53
MaciejKaras
MaciejKaras reviewed May 9, 2025
View reviewed changes
Copy link
Collaborator

@MaciejKaras MaciejKaras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice finding!

How can we prevent this from happening again? Do we have tests for CLI that we can add this scenario?

@lucian-tosa
Copy link
Contributor Author

Nice finding!

How can we prevent this from happening again? Do we have tests for CLI that we can add this scenario?

Our upgrade tests should check that all RBAC is configured properly, I can open a ticket for that

@lucian-tosa lucian-tosa merged commit a373dde into master May 9, 2025
34 of 36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaciejKaras MaciejKaras MaciejKaras left review comments

@nammn nammn nammn approved these changes

@Julien-Ben Julien-Ben Julien-Ben approved these changes

@m1kola m1kola Awaiting requested review from m1kola m1kola is a code owner automatically assigned from mongodb/kubernetes-hosted

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lucian-tosa @MaciejKaras @nammn @Julien-Ben