-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dynamic validation for workload identity permissions and requirements #3619
Conversation
e477db6
to
69409a9
Compare
/azp run ci,e2e |
Azure Pipelines successfully started running 2 pipeline(s). |
Please rebase pull request. |
69409a9
to
e3362d1
Compare
072ad43
to
71a3159
Compare
Please rebase pull request. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.bingo has merged - please rebase this PR on master and fix the generate cases.
…ity roles for cluster version
df793c0
to
8086154
Compare
/azp run ci,e2e |
1 similar comment
/azp run ci,e2e |
Azure Pipelines successfully started running 2 pipeline(s). |
1 similar comment
Azure Pipelines successfully started running 2 pipeline(s). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think all my comments have been addressed :)
…#3619) * ARO-4376 Track2 authorization api addition for roledefinitions * ARO-4376 add a stringutil funcs * ARO-4376 use dbPlatformWorkloadIdentityRoleSets to get platform identity roles for cluster version * ARO-4376 add dynamic validation for platformworkloadidentityprofile * ARO-4376 resolve initial comments * ARO-4376 refactor error messages and checkaccess action crosscheck * ARO-4376 Add unit tests and comments resolution * ARO-4376 add validation for upgradeableTo * ARO-4376 Comment resoultion and additional unit tests * ARO-4376 minor version comparison handling * ARO-4376 update permission error messaging handling for MIWI * ARO-4376 update constructors to return non-interface type * ARO-4376 add unit tests for GroupsIntersect * ARO-4376 update generate files to support bingo
…#3619) * ARO-4376 Track2 authorization api addition for roledefinitions * ARO-4376 add a stringutil funcs * ARO-4376 use dbPlatformWorkloadIdentityRoleSets to get platform identity roles for cluster version * ARO-4376 add dynamic validation for platformworkloadidentityprofile * ARO-4376 resolve initial comments * ARO-4376 refactor error messages and checkaccess action crosscheck * ARO-4376 Add unit tests and comments resolution * ARO-4376 add validation for upgradeableTo * ARO-4376 Comment resoultion and additional unit tests * ARO-4376 minor version comparison handling * ARO-4376 update permission error messaging handling for MIWI * ARO-4376 update constructors to return non-interface type * ARO-4376 add unit tests for GroupsIntersect * ARO-4376 update generate files to support bingo
Which issue this PR addresses:
JIRA: ARO-4376
What this PR does / why we need it:
For the MIWI Cluster feature, this PR performs dynamic validation for the Platform Workload Identities and Cluster MSI.
Uses CheckAccessV2 to validate the actions for all the Platform Workload Identities and Cluster MSI.
During Cluster Creation:-
Test plan for issue:
Is there any documentation that needs to be updated for this PR?
No
How do you know this will function as expected in production?
None of the environment should have an impact due to this change as the additional validation will only happen for MIWI clusters.