Open stoader opened 5 years ago
This validation should be available as a separate endpoint as well (i.e. without creating a cluster if the secret is OK).
If the credential lacks any of the required privileges the 403 (Forbidden) should be returned in the response indicating what permission is missing.
Further thinking about this: it should rather return 400 Bad Request: the user is authorized to send the create cluster request, but the provided data (credentials) are invalid.
Is your feature request related to a problem? Please describe.
The cloud provider credential used to create a new managed K8s cluster requires a pre-defined set of privileges. If the used credential doesn't possess all the required privileges, the cluster creation will fail at some stage halfway through the creation process. This is undesired as users find out only later that some privileges are missing and have to delete the failed cluster and re-trigger the flow after the missing privileges were granted.
Describe the solution you'd like to see
Upon cluster creation (POST {{url}}/api/v1/orgs/:orgId/clusters) the provided credentials should be validated for the required privileges, taking into account the enabled features (e.g. if cluster logging is enabled, verify that the credential provided for logging has object store write access). If the credential lacks any of the required privileges the 403 (Forbidden) should be returned in the response indicating what permission is missing.
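A pre-flight check of the kind requested above, added here as an example and not taken from the project's code: the required privileges are derived from the enabled features, and an insufficient credential yields the 400 proposed in the follow-up, with the missing privileges named. The feature names, privilege names and function names are constructed for illustration, and the `granted` map stands in for whatever the cloud provider reports when the credential is probed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"sort"
)

// required maps a feature to its privileges; all names are constructed for this example.
var required = map[string][]string{
	"base":    {"compute:CreateInstance", "network:CreateSubnet"}, // needed by every cluster
	"logging": {"objectstore:PutObject"},
}

// missingPrivileges lists, sorted, each privilege the enabled features need
// that the credential lacks. An unknown feature is reported, not ignored.
func missingPrivileges(features []string, granted map[string]bool) []string {
	missing := []string{}
	for _, f := range append([]string{"base"}, features...) {
		privs, known := required[f]
		if !known {
			missing = append(missing, "unknown feature: "+f)
		}
		for _, p := range privs {
			if !granted[p] {
				missing = append(missing, p)
			}
		}
	}
	sort.Strings(missing)
	return missing
}

// validate is the dry-run decision: status code plus JSON body, no cluster is
// created. granted stands in for the result of probing the credential.
func validate(features []string, granted map[string]bool) (int, string) {
	missing := missingPrivileges(features, granted)
	body, _ := json.Marshal(map[string][]string{"missingPrivileges": missing})
	if len(missing) > 0 {
		return http.StatusBadRequest, string(body) // caller is authorized; credential is insufficient
	}
	return http.StatusOK, string(body)
}

func main() {
	granted := map[string]bool{"compute:CreateInstance": true}
	fmt.Println(validate([]string{"logging"}, granted))
}
```

The same `validate` result can back both the create-cluster request and a separate validation-only endpoint, so the two never disagree about what is required.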