Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(argo-rollouts): Add missing patch permissions for contour RBAC #2452

Closed
wants to merge 1 commit into from
Closed

fix(argo-rollouts): Add missing patch permissions for contour RBAC #2452

wants to merge 1 commit into from

Conversation

frankh
Copy link

@frankh frankh commented Jan 25, 2024
edited
Loading

Since this PR argoproj-labs/rollouts-plugin-trafficrouter-contour#53 the contour trafficrouter plugin uses patch not update.

Add the patch permission so that the latest version of the trafficrouter plugin works

Checklist:

  • I have bumped the chart version according to versioning
  • I have updated the documentation according to documentation
  • I have updated the chart changelog with all the changes that come with this pull request according to changelog.
  • Any new values are backwards compatible and/or have sensible default.
  • I have signed off all my commits as required by DCO.
  • My build is green (troubleshooting builds).

@frankh
Add missing patch permissions for contour RBAC
e219d08 
Since this PR argoproj-labs/rollouts-plugin-trafficrouter-contour#53
the contour trafficrouter plugin uses `patch` not `update`.

Add the `patch` permission so that the latest version of the
trafficrouter plugin works

Signed-off-by: Frank Hamand <frankhamand@gmail.com>
@jmeridth
Copy link
Member

We match the releases. The latest release does not include that PR. https://github.com/argoproj/argo-rollouts/releases/tag/v1.6.4

@frankh
Copy link
Author

frankh commented Jan 25, 2024

We match the releases. The latest release does not include that PR. https://github.com/argoproj/argo-rollouts/releases/tag/v1.6.4

It's from the plugin, not argo, and it is in the latest release: https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/tree/v0.3.0

@frankh frankh changed the title fix: Add missing patch permissions for contour RBAC fix(argo-rollouts): Add missing patch permissions for contour RBAC Jan 25, 2024
yu-croco
yu-croco reviewed Jan 25, 2024
View reviewed changes
charts/argo-rollouts/templates/controller/clusterrole.yaml
@@ -266,6 +266,7 @@ rules:
- list
- watch
- update
- patch
Copy link
Collaborator

@yu-croco yu-croco Jan 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's from the plugin, not argo, and it is in the latest release: https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour/tree/v0.3.0

Since this block is for contour not for trafficrouter-contour, I wonder we can provide other block for trafficRouterPlugins, like below? 🤔

{{- if .Values.controller.trafficRouterPlugins }}
- apiGroups:
    - projectcontour.io
  resources:
    - httpproxies
  verbs:
    - patch
{{- end }}

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh my bad, countor means rollouts-plugin-trafficrouter-contour. 💡 Please disregard above.

https://github.com/argoproj/argo-helm/blob/main/charts/argo-rollouts/values.yaml#L272-L273

@yu-croco
Copy link
Collaborator

Ah as @jmeridth mentioned, upstream has no permission for contour though there are permissions for other providers.
Ref: https://github.com/argoproj/argo-rollouts/blob/v1.6.4/manifests/role/argo-rollouts-clusterrole.yaml

@frankh
Since argo-helm follows upstream's manifest, can you please make PR at upstream?

@yu-croco yu-croco added the awaiting-upstream Is waiting for a change upstream to be completed before it can be merged. label Feb 27, 2024
@frankh frankh closed this Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yu-croco yu-croco yu-croco left review comments

@jmeridth jmeridth Awaiting requested review from jmeridth jmeridth is a code owner

Assignees
No one assigned
Labels
argo-rollouts awaiting-upstream Is waiting for a change upstream to be completed before it can be merged. size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@frankh @jmeridth @yu-croco