Closed rvanderp3 closed 2 years ago
this seems like a nice upgrade, +1
example of failed check due to misconfigured permissions on the vsphere cluster:
I0928 17:58:28.895992 1 privileges.go:25] CheckUserPrivileges: *** Missing Privileges ***
vSphere object: vSphere vCenter Cluster
Host.Config.Storage, Resource.AssignVMToPool, VApp.AssignResourcePool, VApp.Import, VirtualMachine.Config.AddNewDisk
I0928 17:58:28.896865 1 vsphere_check.go:217] CheckUserPrivileges passed
I0928 17:58:29.096515 1 folder.go:100] CheckFolderPermissions: found 41 files in datastore nvmepool at path /
/hold
resuming work on this PR. placing a hold for now.
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
refactored to allow for unit testing and better integration with the project, work is still ongoing.
/remove-lifecycle stale
/hold cancel
/assign @gnufied
/lifecycle stale
@rvanderp3: PR needs rebase.
/hold
need to update with latest privilege set
/remove-lifecycle stale
/hold cancel
/assign @gnufied cc: @jcpowermac
@rvanderp3: all tests passed!
/lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: gnufied, rvanderp3
/label docs-approved /label px-approved
/label qe-approved
The intent of this PR is to validate the privileges granted to the user assigned to OpenShift to interact with vCenter. The privilege list found in the OpenShift docs is used to build the target set of permissions.
What is being checked?
How is a user notified of a lack of privileges?
When it is determined that an account holds inadequate privileges, an alert is raised and the discrete missing privileges are logged.
For the datastores, datacenter, vCenter root folder, and vm folder, the metric vsphere_cluster_check_errors[check=CheckAccountPermissions] will be set to 1.
For compute cluster privileges, vsphere_node_check_errors[check=CheckAccountPermissions] will be set to 1. This is due to the compute cluster not being readily available in a resource. The compute cluster is determined by checking the parent of individual VMs.
The vsphere-problem-detector logs will contain the missing privileges:
How is it being tested?
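The comparison this PR description outlines, as an added example that is not code from the PR or from vsphere-problem-detector: required privileges are diffed against granted ones per vSphere object, and the result is rolled up into the two metrics named above, with the compute cluster reporting under the node metric. `ObjectCheck`, `Missing`, `Evaluate` and `SampleChecks` are hypothetical names, and the sample privilege lists are constructed, not the documented set.

```go
package main

import "fmt"

// ObjectCheck (hypothetical): one vSphere object and its privilege state.
type ObjectCheck struct {
	Object, Metric    string   // object name and the metric that reports it
	Required, Granted []string // privileges needed vs. held on the object
}

// Missing returns the required privileges absent from granted, in required order.
func Missing(required, granted []string) []string {
	have := map[string]bool{}
	for _, p := range granted {
		have[p] = true
	}
	var out []string
	for _, p := range required {
		if !have[p] {
			out = append(out, p)
		}
	}
	return out
}

// Evaluate sets a metric to 1 when an object it covers lacks a privilege.
func Evaluate(checks []ObjectCheck) (map[string]int, map[string][]string) {
	metrics, report := map[string]int{}, map[string][]string{}
	for _, c := range checks {
		metrics[c.Metric] += 0 // register the metric even when the check passes
		if m := Missing(c.Required, c.Granted); len(m) > 0 {
			metrics[c.Metric], report[c.Object] = 1, m
		}
	}
	return metrics, report
}

// SampleChecks is constructed input, not the documented privilege set.
func SampleChecks() []ObjectCheck {
	const cl, nd = "vsphere_cluster_check_errors", "vsphere_node_check_errors"
	return []ObjectCheck{
		{"datastore", cl, []string{"Datastore.AllocateSpace", "Datastore.Browse"},
			[]string{"Datastore.Browse", "Datastore.AllocateSpace", "System.Read"}},
		{"vSphere vCenter Cluster", nd, []string{"Host.Config.Storage", "Resource.AssignVMToPool", "VApp.Import"},
			[]string{"Resource.AssignVMToPool"}},
	}
}

func main() { fmt.Println(Evaluate(SampleChecks())) }
```

Extra granted privileges (here `System.Read` on the datastore) do not affect the result; only required privileges that are absent raise the metric.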