This repository has been archived by the owner on Jul 23, 2020. It is now read-only.
In order to build up the tenant infrastructure on a target OpenShift cluster, we use a privileged account able to create and then edit role bindings for the and on behalf of the user. In testing, we've noticed that if the privileged account is not running with the required privileges, the tenant does not abort or report-failure.
This results in the false impression that the tenant infra is set up, but it isn't, and checks against it fail externally, and internally neither Jenkins nor Che are able to run.
We should also consider situations where the privileged account token is valid, but some actions can't be executed for all sorts of reasons. There should/could be appropriate feedback to indicate failure to initialize and to retry or contact support.
@joshuawilson It's brewing in the back of my head. Just not quite sure what to actually check for. Especially when we're starting to talk about Profiles, as the templates to a large extent decide what auth the user needs. But we can certainly add a few basic known ones for now, e.g. create/edit RoleBindings/RoleBindingRestrictions/DeploymentConfigs/Secrets/ConfigMaps
ping @xcoulon - as you are working through, thinking through some parts of this - maybe an easy win to get done, for just validating those few roles are working?
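One way to implement the basic pre-flight check discussed in the thread, as an added example that is not code from this repository: it asks the API server, via the Kubernetes `SelfSubjectAccessReview` API, whether the privileged account may create and update each resource named above, and fails closed. The `ask` callback is a hypothetical stand-in for an authenticated POST to `/apis/authorization.k8s.io/v1/selfsubjectaccessreviews`; the API groups, the mapping of "edit" to the `update` verb, and the namespace name are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Resources named in the thread as {API group, resource}; the groups are assumptions.
var required = [][2]string{
	{"rbac.authorization.k8s.io", "rolebindings"},
	{"authorization.openshift.io", "rolebindingrestrictions"},
	{"apps.openshift.io", "deploymentconfigs"}, {"", "secrets"}, {"", "configmaps"},
}

// allowed fails closed: a transport error, bad reply or allowed=false is a denial.
func allowed(ns, verb string, r [2]string, ask func([]byte) ([]byte, error)) bool {
	var resp struct{ Status struct{ Allowed bool } }
	body, _ := json.Marshal(map[string]interface{}{
		"apiVersion": "authorization.k8s.io/v1", "kind": "SelfSubjectAccessReview",
		"spec": map[string]interface{}{"resourceAttributes": map[string]string{
			"namespace": ns, "verb": verb, "group": r[0], "resource": r[1]}}})
	reply, err := ask(body)
	return err == nil && json.Unmarshal(reply, &resp) == nil && resp.Status.Allowed
}

// Preflight names every denied action in its error so tenant init can abort early.
func Preflight(ns string, ask func([]byte) ([]byte, error)) error {
	var denied []string
	for _, r := range required {
		for _, verb := range []string{"create", "update"} { // "edit" assumed to mean update
			if !allowed(ns, verb, r, ask) {
				denied = append(denied, verb+" "+r[1])
			}
		}
	}
	if len(denied) > 0 {
		return fmt.Errorf("tenant init aborted, account cannot: %s", strings.Join(denied, ", "))
	}
	return nil
}

func main() { // constructed stand-in for the API server: denies everything on secrets
	fmt.Println(Preflight("constructed-tenant-ns", func(b []byte) ([]byte, error) {
		ok := !strings.Contains(string(b), `"resource":"secrets"`)
		return []byte(fmt.Sprintf(`{"status":{"allowed":%t}}`, ok)), nil
	}))
}
```

Running the check before any tenant objects are created turns a missing privilege into an explicit error instead of a half-initialized tenant.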