Closed sthaha closed 6 years ago
PR now available for testing: Launch in OpenShift.io and click the update tenant button
@aslakknutsen, we would appreciate your review here to help @sthaha merge this PR, thanks!
Just to note: This PR was tested and caused Promote to fail. Looking at a different solution.
@aslakknutsen I am a bit lost here, is this what you meant by roleRef to view? Applying the patch removes the edit rolebinding and jenkins fails to promote to Prod.
On a related note, in order to promote to prod, shouldn't Jenkins actually check if the user has edit on the target namespace instead of the jenkins namespace?
@sthaha Yes, this patch looks correct based on what was said in 'some email thread' a long time ago. But maybe it was misunderstood or has changed since.
@sthaha And yes, I agree. It should be the edit rights on the target that should matter. Not sure if Jenkins has dynamic enough roles for that.
Previously users were given the permission to make changes to the jenkins namespace, which means they could potentially break jenkins. This patch addresses issue 1900 by removing the user's edit role.
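The permission change discussed in this thread, sketched as an added example (these manifests are not the project's own templates): the user's binding in the Jenkins namespace moves from `edit` to `view`, while `edit` stays on the target namespace. The `rbac.authorization.k8s.io/v1` API version and all user and namespace names are assumptions and placeholders.

```yaml
# Constructed manifests; every name below is a placeholder, not a value from the PR.
# Before: the user holds edit in the Jenkins namespace and can modify Jenkins itself.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: user-edit
  namespace: example-user-jenkins
subjects:
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: example-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
---
# After: read-only access to the Jenkins namespace.
# In this API version roleRef is immutable, so the edit binding has to be
# deleted and a new binding created; it cannot be patched from edit to view.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: user-view
  namespace: example-user-jenkins
subjects:
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: example-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
---
# Target namespace: edit remains here, which is the right the thread says
# should decide whether a promotion to prod is allowed.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: user-edit
  namespace: example-user-prod
subjects:
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: example-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
```

As reported in the thread, promotion failed once the `edit` binding was removed from the Jenkins namespace, so the reduced binding needs to be paired with a promotion check against the target namespace.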