Closed tnozicka closed 4 years ago
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: tnozicka
The full list of commands accepted by this bot can be found here.
The pull request process is described here
/retest
/retest
looks like the update
verb has to be removed as well:
Error from server (Forbidden): error when creating "deploy/single-namespace/role.yaml": roles.rbac.authorization.k8s.io "openshift-acme" is forbidden: user "developer" (groups=["system:authenticated:oauth" "system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:["route.openshift.io"], Resources:["routes/custom-host"], Verbs:["update"]}
I think that's a bug in OCP bootstrap policy, I saw update being checked in ingress admission. Need to look into it next week. I suppose I can ship it with only create for now.
@tnozicka: The following test failed, say /retest
to rerun all failed tests:
Test name | Commit | Details | Rerun command |
---|---|---|---|
ci/prow/e2e-specific-namespaces | 2cfefc7388102408a334ada90933531c7e5e11c2 | link | /test e2e-specific-namespaces |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
What type of PR is this? /kind bug
What this PR does / why we need it: non-existing permission lead to failure to create the role
Which issue(s) this PR fixes: Fixes https://github.com/tnozicka/openshift-acme/issues/109
Does this PR introduce a user-facing change?: