deads2k commented Mar 11, 2015

Waiting on #1187

Only the last commit is new. It changes bootstrap policy to be described using discrete roles and rolebindings that are allowed to span namespaces. Those resources are created using the virtual registries introduced in #1187.

This takes us closer to the idea of having bootstrap policy described in a location on disk (auto-allocated) and passed into the master in a way that allows admins to inspect and modify bootstrap policy and provides a way for us to upgrade the bootstrap policy as we move forward.

@liggitt review?
@jwforres This adds permissions to the openshift namespace. Please check 799f310#diff-1d38b34f638332aebf97978ff71d9664R19 to be sure it's granting the powers you want.
@ncdc You were looking at bootstrap_policy.go, this supersedes it.

deads2k force-pushed the deads-add-openshift-image-role branch from 799f310 to 469356b, March 11, 2015 18:45
deads2k changed the title from "[waiting on 1187] add openshift image role" to "add openshift image role", Mar 11, 2015

deads2k commented Mar 11, 2015

@liggitt and we're ready.

Contributor

Escalation

Contributor Author

Where's my drooly-face icon...

Contributor Author

Fixed. Finally.

deads2k force-pushed the deads-add-openshift-image-role branch from 469356b to 51449eb, March 11, 2015 19:19

Contributor

should we make constants for these role names and use them here and above?

deads2k commented Mar 11, 2015

comments addressed.

Contributor

I thought the virtual registry handled the under-the-cover provisioning

Contributor Author

Only for the bindings made against master namespaced roles. Otherwise, it must exist ahead of time. That allows behavior where a project admin can create any roleBinding he wants, but only against master roles.

Contributor

so using the API to create a policy and role bindings within a project, I would have to create an empty policy binding object first? I didn't realize that

Contributor Author

Only to create bindings to namespaces other than the master. You can create as many roles as you want, you simply can't do anything with them.
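The rule discussed in this review thread, modeled as an added example that is not part of the pull request or the origin code base: a policy binding is provisioned on demand only when a role binding targets a master-namespace role, and must already exist for any other role namespace. The type names, the `master` namespace constant, and the role names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// masterNamespace is an assumed name for the namespace holding the bootstrap roles.
const masterNamespace = "master"

var ErrNoPolicyBinding = errors.New("no policy binding for role namespace")

// RoleBinding ties users to a role that lives in RoleNamespace.
type RoleBinding struct {
	Name, RoleNamespace, RoleName string
	Users                         []string
}

// Project holds one policy binding per referenced role namespace,
// each containing the role bindings that point into that namespace.
type Project struct {
	Name           string
	PolicyBindings map[string]map[string]RoleBinding
}

// CreateRoleBinding provisions a policy binding on demand only for
// master-namespace roles; for any other role namespace the policy binding
// must already exist, otherwise the request is refused.
func (p *Project) CreateRoleBinding(rb RoleBinding) error {
	pb, ok := p.PolicyBindings[rb.RoleNamespace]
	if !ok {
		if rb.RoleNamespace != masterNamespace {
			return fmt.Errorf("%w: %q in project %q", ErrNoPolicyBinding, rb.RoleNamespace, p.Name)
		}
		pb = map[string]RoleBinding{}
		if p.PolicyBindings == nil {
			p.PolicyBindings = map[string]map[string]RoleBinding{}
		}
		p.PolicyBindings[masterNamespace] = pb
	}
	pb[rb.Name] = rb
	return nil
}

func main() {
	p := &Project{Name: "demo"} // constructed sample project
	fmt.Println(p.CreateRoleBinding(RoleBinding{"viewers", masterNamespace, "view", []string{"alice"}}))
	fmt.Println(p.CreateRoleBinding(RoleBinding{"local", "demo", "custom", []string{"bob"}}))
}
```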

liggitt mentioned this pull request Mar 11, 2015

liggitt commented Mar 11, 2015

Add an integration test to make sure a normal user can list "templates", "imageRepositories", "imageRepositoryTags" with a default server start

deads2k commented Mar 12, 2015

comments addressed.

liggitt commented Mar 12, 2015

LGTM

deads2k commented Mar 12, 2015

[merge]

@openshift-bot

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_openshift3/1160/) (Image: devenv-fedora_1025)

@openshift-bot

Evaluated for origin up to b837a77

openshift-bot pushed a commit that referenced this pull request Mar 12, 2015
openshift-bot merged commit 70b8e2b into openshift:master Mar 12, 2015
deads2k deleted the deads-add-openshift-image-role branch March 16, 2015 17:48
jboyd01 pushed a commit to jboyd01/origin that referenced this pull request Oct 4, 2017
jpeeler pushed a commit to jpeeler/origin that referenced this pull request Feb 1, 2018
…ft#1281)

* Wait for controller to shutdown in controller integration tests

* Use sync.WaitGroup for waiting on controller workers to stop.