Support full customization of CustomResource mutation rules in vault-secrets-webhook Helm chart #76

Open
gnadaban opened this issue Jun 5, 2023 · 0 comments
Labels
kind/enhancement Categorizes issue or PR as related to an improvement. lifecycle/keep Denotes an issue or PR that should be preserved from going stale.

gnadaban commented Jun 5, 2023

Is your feature request related to a problem? Please describe.
Problem: trying to use ACK iam-controller with vault-secrets-webhook injecting trust policy, I'm running into issues because the CustomResource mutation config options are hardcoded to apply to all API versions. This means that the webhook considers all RBAC Role objects for insertion unless they are ignored en masse either via namespace limiting or annotations (which is often outside our control, e.g. some Helm charts simply don't support annotating RBAC Roles).

Describe the solution you'd like
I want to be able to selectively specify the exact custom resource API versions the webhook should consider for CR mutation.

Instead of this:

  rules:
  - operations:
    - CREATE
    - UPDATE
    apiGroups:
    - "*"
    apiVersions:
    - "*"
    resources:
{{ toYaml .Values.customResourceMutations | indent 6 }}

The Helm chart should ideally allow full customization of rules, with appropriate defaults set of course:

  rules:
{{ toYaml .Values.customResourceMutations.rules | indent 2 }}

Describe alternatives you've considered
Ignoring multiple namespaces to work around not being able to limit what CRs not to consider for mutation.
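
The effect of the hardcoded wildcards described in this issue, as an added example that is not part of the original issue or the Bank-Vaults project: a simplified model of how webhook `rules` are matched against a request (subresources and scope are left out). It assumes `customResourceMutations` is set to `roles` and that the ACK IAM Role resource is served as `iam.services.k8s.aws/v1alpha1`; the `SCOPED` rule is a hypothetical value for the proposed `customResourceMutations.rules` key.

```python
# Added illustration: simplified matching of webhook rules against requests.
# Subresources and the rule "scope" field are not modelled.

def _matches(allowed, value):
    """A rule field matches if it lists the value or the "*" wildcard."""
    return "*" in allowed or value in allowed

def rule_matches(rule, request):
    """All four fields of a rule must match for the rule to apply."""
    return (
        _matches(rule["operations"], request["operation"])
        and _matches(rule["apiGroups"], request["group"])
        and _matches(rule["apiVersions"], request["version"])
        and _matches(rule["resources"], request["resource"])
    )

def webhook_called(rules, request):
    """The webhook is invoked if any rule matches the request."""
    return any(rule_matches(rule, request) for rule in rules)

# Rule shape rendered by the current template (from the issue), with
# customResourceMutations assumed to be ["roles"].
HARDCODED = [{
    "operations": ["CREATE", "UPDATE"],
    "apiGroups": ["*"],
    "apiVersions": ["*"],
    "resources": ["roles"],
}]

# Hypothetical content for the proposed customResourceMutations.rules value.
SCOPED = [{
    "operations": ["CREATE", "UPDATE"],
    "apiGroups": ["iam.services.k8s.aws"],   # assumed ACK IAM group
    "apiVersions": ["v1alpha1"],             # assumed ACK IAM version
    "resources": ["roles"],
}]

# Constructed sample requests: same resource name, different API groups.
ACK_ROLE = {"operation": "CREATE", "group": "iam.services.k8s.aws",
            "version": "v1alpha1", "resource": "roles"}
RBAC_ROLE = {"operation": "CREATE", "group": "rbac.authorization.k8s.io",
             "version": "v1", "resource": "roles"}

if __name__ == "__main__":
    for name, rules in (("hardcoded", HARDCODED), ("scoped", SCOPED)):
        print(name, "ACK Role:", webhook_called(rules, ACK_ROLE),
              "RBAC Role:", webhook_called(rules, RBAC_ROLE))
```

With the wildcard group and version, the resource name `roles` alone decides the match, so RBAC Roles are sent to the webhook along with the ACK resource; the scoped rule matches only the ACK group and version.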

@akijakya akijakya transferred this issue from bank-vaults/bank-vaults Jul 20, 2023