Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update permission on operator level #447

Merged
merged 1 commit into from
Aug 17, 2023
Merged

Update permission on operator level #447

merged 1 commit into from
Aug 17, 2023

Conversation

zdtsw
Copy link
Member

@zdtsw zdtsw commented Aug 15, 2023
edited
Loading

Description

ref: #422

  • to refine permission for operator instead of wildly open all group and all resources.
  • removed DSCI and DSC editor and viewer permission in config, which are not used as input for CSV

also add MANIFEST_RELEASE to pass into image build if it is done by "make image" otherwise it is using v1.8 from odh-manifests

How Has This Been Tested?

test: image: 'quay.io/wenzhou/opendatahub-operator:dev-2.8.15-40'

PS: if enable "ray" for the current ODH odh-manifests, we see reconcile from operator v2.
so we need to get opendatahub-io/odh-manifests#910 into "master" odh-manifests to finalize the function. but from operator perspective, permissions are ready.

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

@zdtsw zdtsw force-pushed the issue/422 branch 4 times, most recently from cf8ebdd to bffa2b4 Compare August 16, 2023 14:05
VaishnaviHire
VaishnaviHire reviewed Aug 16, 2023
View reviewed changes
Copy link
Member

@VaishnaviHire VaishnaviHire left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Since we are doing serverside apply, resources should have patch permissions under verbs

  • To successfully get deleted resources should also have delete permissions

config/rbac/role.yaml Show resolved Hide resolved
config/rbac/role.yaml Show resolved Hide resolved
config/rbac/role.yaml Show resolved Hide resolved
config/rbac/role.yaml Show resolved Hide resolved
@zdtsw
Copy link
Member Author

zdtsw commented Aug 17, 2023
edited
Loading

latest test to set:

components:
    codeflare:
      enabled: true
    dashboard:
      enabled: false
    datasciencepipelines:
      enabled: true
    kserve:
      enabled: true
    modelmeshserving:
      enabled: false
    ray:
      enabled: false
    workbenches:
      enabled: true

get DEBUG events DataScienceCluster instance default created and deployed successfully {"type": "Normal", "object": {"kind":"DataScienceCluster","name":"default","uid":"20bb083c-c921-4d33-a9ce-0e3eb8308c00","apiVersion":"datasciencecluster.opendatahub.io/v1alpha1","resourceVersion":"8364229"}, "reason": "DataScienceClusterCreationSuccessful"}

@zdtsw
Copy link
Member Author

zdtsw commented Aug 17, 2023

to solve dashboard and modelmesh secret issue, we need secrets/finalizers to be added

@zdtsw zdtsw changed the title [WIP]: Update permission on operator level Update permission on operator level Aug 17, 2023
@zdtsw
Update permission on operator level
66a0e8d 
- remove dsci and dsc viewer and editor which are not in use

Signed-off-by: Wen Zhou <wenzhou@redhat.com>
VaishnaviHire
VaishnaviHire approved these changes Aug 17, 2023
View reviewed changes
Copy link
Member

@VaishnaviHire VaishnaviHire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Aug 17, 2023
@openshift-ci
Copy link

openshift-ci bot commented Aug 17, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: VaishnaviHire

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@VaishnaviHire VaishnaviHire merged commit 3370aa7 into opendatahub-io:main Aug 17, 2023
@zdtsw zdtsw deleted the issue/422 branch June 22, 2024 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VaishnaviHire VaishnaviHire VaishnaviHire approved these changes

@etirelli etirelli Awaiting requested review from etirelli

Assignees

@VaishnaviHire VaishnaviHire

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zdtsw @VaishnaviHire