fabric8-services / fabric8-tenant-jenkins

Generates Jenkins tenant namespace YAML
Apache License 2.0

Remove user's edit role to lock jenkins namespace #63

Closed sthaha closed 6 years ago

sthaha commented 6 years ago

Previously, users were given the permission to make changes to the Jenkins namespace, which means they could potentially break Jenkins. This patch addresses issue 1900 by removing the user's edit role.

fabric8cd commented 6 years ago

PR now available for testing: Launch in OpenShift.io and click the update tenant button

rupalibehera commented 6 years ago

@aslakknutsen, we would appreciate your review here to help @sthaha merge this PR, thanks!

aslakknutsen commented 6 years ago

Just to note: This PR was tested and caused Promote to fail. Looking at a different solution.

fabric8cd commented 6 years ago

PR now available for testing: Launch in OpenShift.io and click the update tenant button

sthaha commented 6 years ago

@aslakknutsen I am a bit lost here, is this what you meant by roleRef to view? Applying the patch removes the edit rolebinding and Jenkins fails to promote to Prod.

On a related note, in order to promote to prod, shouldn't Jenkins actually check if the user has edit on the target namespace instead of the jenkins namespace?

aslakknutsen commented 6 years ago

@sthaha Yes, this patch looks correct based on what was said in 'some email thread' a long time ago. But maybe it was misunderstood or has changed since.

@sthaha And yes, I agree. It should be the edit rights on the target that should matter. Not sure if Jenkins has dynamic enough roles for that.

fabric8cd commented 6 years ago

PR now available for testing: Launch in OpenShift.io and click the update tenant button