Closed jstuever closed 3 months ago
@jstuever: This pull request references Jira Issue OCPBUGS-36140, which is valid. The bug has been moved to the POST state.
Requesting review from QA contact: /cc @jianping-shu
The bug has been updated to refer to the pull request using the external bug tracker.
Attention: Patch coverage is 0%
with 4 lines
in your changes missing coverage. Please review.
Project coverage is 48.33%. Comparing base (
35088a0
) to head (a1b62cc
).
@jstuever: This pull request references Jira Issue OCPBUGS-36140, which is valid.
Requesting review from QA contact: /cc @jianping-shu
/cherry-pick release-4.16 release-4.15 release-4.14
@jstuever: once the present PR merges, I will cherry-pick it on top of release-4.16 in a new PR and assign it to you.
/assign @dlom /override ci/prow/security
@jstuever: Overrode contexts on behalf of jstuever: ci/prow/security
@jstuever: all tests passed!
Full PR test history. Your PR dashboard.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: dlom, jstuever
The full list of commands accepted by this bot can be found here.
The pull request process is described here
@jstuever: Jira Issue OCPBUGS-36140: All pull requests linked via external trackers have merged:
Jira Issue OCPBUGS-36140 has been moved to the MODIFIED state.
@jstuever: new pull request created: #714
[ART PR BUILD NOTIFIER]
This PR has been included in build ose-cloud-credential-operator-container-v4.17.0-202407102011.p0.g2fceb62.assembly.stream.el9 for distgit ose-cloud-credential-operator. All builds following this will include this PR.
Currently, the GCP passthrough permissions check generates a list of required permissions from the credential requests, queries and caches a list of valid permissions for the project, filters the required list to only include those that are valid, and then ensures the provided service account has the filtered list of permissions on the project. However, for whatever reason, sometimes the check errors stating that the permission is invalid.
This change attempts to discover when this happens and removes the problematic permission from the cached list of valid permissions. This enables the check to function properly for the remaining duration of the cache.