Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Fix KGO's RBAC policy rules:
This PR changes the generation script by using both KGO and KGOEE. The reason for this? KGO EE's manager role contains a super set of required policy rules so we can't just use KGO's manager role. Hence this change uses the base manifests + KGO EE's manager role.
There's probably a better way of doing this but this works ™️ .
NOTE: at some point we could consider using
kubebuilder
code markers instead of using already produced manifests if that would be easier/better.Special notes for your reviewer:
The resulting RBAC manifests were generated with
This change used
This is related to #1060 as those tests would greatly catch errors that produce unwanted changes in manager's role policy rules (re #1138) especially now that newer versions of controller tools generate aggregated policy rules so it's harder to notice the change in permissions for a particular type.
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
main
branch.