Open SnehaMore20 opened 4 years ago
Steps :
Expected Behaviour : role1 should have policy2 attached and policy1 removed
Actual Behaviour : role1 has both the policies attached policy1 and policy2
Same issue happens when we update PolicyAttachment with new role
Changing policy reference should not be possible. Not quite sure, how I'm able to restrict this. Upstream, k8s does not yet allow for CRD fields to be set to readOnly.
https://github.com/kubernetes/enhancements/blob/8b9b994136371f1bc938aabf012f4c45535d684c/keps/sig-api-machinery/20190603-immutable-fields.md
Solutions here would be:
Steps :
Expected Behaviour : role1 should have policy2 attached and policy1 removed
Actual Behaviour : role1 has both the policies attached policy1 and policy2
Same issue happens when we update PolicyAttachment with new role