Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update existing ServiceAccount if some Role/RoleBinding was changed #19697

Closed
svor opened this issue Apr 28, 2021 · 7 comments
Closed

Update existing ServiceAccount if some Role/RoleBinding was changed #19697

svor opened this issue Apr 28, 2021 · 7 comments
Assignees
@mshaposhnik
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.

Comments

@svor
Copy link
Contributor

svor commented Apr 28, 2021

Is your task related to a problem? Please describe.

In case if Roles or RoleBindings were changed (updated/removed/added), existing workspace ServiceAccount doesn't apply such updates.
It would be nice to have a mechanism to apply diffs of Role/RoleBindings.

Additional context

This issue was caused by #19651
@svor svor added kind/task Internal things, technical debt, and to-do tasks to be performed. team/platform labels Apr 28, 2021
@svor svor mentioned this issue Apr 28, 2021
Merged
9 tasks
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Apr 28, 2021
@skabashnyuk skabashnyuk added severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. severity/P1 Has a major impact to usage or development of the system. labels Apr 28, 2021
@tolusha
Copy link
Contributor

tolusha commented Apr 28, 2021

In other words if roles exist then they are supposed to be updated, right?

@tolusha
Copy link
Contributor

tolusha commented Apr 28, 2021

Why not fixed it in context of #19651 ?

@svor
Copy link
Contributor Author

svor commented Apr 28, 2021

@tolusha even if a new role was added, existing SA should be updated. #19651 was created to add a new role to get metrics information but updating existing SA is another problem as for me

@tolusha tolusha added the severity/P1 Has a major impact to usage or development of the system. label Apr 28, 2021
@sleshchenko sleshchenko mentioned this issue May 26, 2021
Closed
23 tasks
@skabashnyuk skabashnyuk mentioned this issue Jul 7, 2021
Closed
@l0rd
Copy link
Contributor

l0rd commented Jul 13, 2021

I am trying to understand the impact of this issue and when users would be impacted by this issue. Why Role/RoleBindings should be updated? When does a user face this issue?

@l0rd
Copy link
Contributor

l0rd commented Jul 13, 2021

After @skabashnyuk comment I now understand that this issue is reproduced whenever Che is updated from v7.29 (or CRW 2.8) or lower. And that the consequence is that existing users won't be able to start workspaces. But then I am not sure how QE hasn't found this problem earlier cc @dmytro-ndp?

@mshaposhnik
Copy link
Contributor

mshaposhnik commented Jul 15, 2021
edited
Loading

@tolusha for correct implementation of that, we need to add at least update role right for che SA in user namespace. Any concerns?

@mshaposhnik mshaposhnik self-assigned this Jul 15, 2021
@tolusha
Copy link
Contributor

tolusha commented Jul 15, 2021

no concerns from my side.

@mshaposhnik mshaposhnik mentioned this issue Jul 16, 2021
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mshaposhnik mshaposhnik

Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@l0rd @svor @skabashnyuk @tolusha @mshaposhnik @che-bot