Closed rexagod closed 6 months ago
@rexagod: This pull request references MON-3396 which is a valid jira issue.
- [x] I added CHANGELOG entry for this change.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@rexagod: This pull request references MON-3820 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set.
- [x] I added CHANGELOG entry for this change.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
/jira refresh
@rexagod: This pull request references MON-3820 which is a valid jira issue.
/test e2e-aws-ovn-techpreview /test versions
Can you extend TestAlertmanagerAPI()
to check that reader role can only GET while writer role can GET/POST/DELETE?
@rexagod: all tests passed!
Full PR test history. Your PR dashboard.
tested with PR, no issue /label qe-approved
lgtm but will leave final approval to @simonpasquier
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: rexagod, simonpasquier
The full list of commands accepted by this bot can be found here.
The pull request process is described here
[ART PR BUILD NOTIFIER]
This PR has been included in build cluster-monitoring-operator-container-v4.16.0-202404191609.p0.g5af508b.assembly.stream.el9 for distgit cluster-monitoring-operator. All builds following this will include this PR.
PTAL below for more details.
Details
```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: janedoe-am-read namespace: openshift-monitoring roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: monitoring-alertmanager-view subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: janedoe ``` ``` ┌[rexagod@nebuchadnezzar] [/dev/ttys002] └[~]> curl -H "Authorization: Bearer $token" -k "https://$host/api/v2/silences" [{"id":"e6840382-e5b8-48f2-847f-384628ff0f97","status":{"state":"active"},"updatedAt":"2024-04-15T00:02:01.834Z","comment":"foo2","createdBy":"kube:admin","endsAt":"2024-04-15T02:02:01.351Z","matchers":[{"isEqual":true,"isRegex":false,"name":"namespace","value":"openshift-monitoring"},{"isEqual":true,"isRegex":false,"name":"prometheus","value":"openshift-monitoring/k8s"},{"isEqual":true,"isRegex":false,"name":"severity","value":"warning"},{"isEqual":true,"isRegex":false,"name":"alertname","value":"AlertmanagerReceiversNotConfigured"}],"startsAt":"2024-04-15T00:02:01.834Z"}] ┌[rexagod@nebuchadnezzar] [/dev/ttys002] └[~]> curl -H "Authorization: Bearer $token" -X "DELETE" -k "https://$host/api/v2/silences/e6840382-e5b8-48f2-847f-384628ff0f97" Forbidden (user=janedoe, verb=delete, resource=alertmanagers, subresource=api) ```