Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Create RoleDefinitions #2570

Closed
matthchr opened this issue Oct 27, 2022 · 3 comments · Fixed by #4067
Closed

Feature: Create RoleDefinitions #2570

matthchr opened this issue Oct 27, 2022 · 3 comments · Fixed by #4067
Assignees
@matthchr
Labels
good-first-issue issues which would be a good starting point for newcomers to the codebase new-feature new-resource Requests for new supported resources
Milestone
v2.8.0

Comments

@matthchr
Copy link
Member

The resource is Microsoft.Authorization/roleDefinitions.

An example ARM template is here: https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template
@matthchr matthchr added this to the v2.0.0-beta.5 milestone Oct 31, 2022
@matthchr
Copy link
Member Author

matthchr commented May 1, 2023

We still want to do this

@matthchr matthchr modified the milestones: v2.2.0, v2.1.0 May 1, 2023
@theunrepentantgeek theunrepentantgeek modified the milestones: v2.1.0, v2.2.0 May 23, 2023
@ashetonh-ad
Copy link

We do as well

@matthchr
Copy link
Member Author

Still interested in doing this - it should be pretty easy as well if anybody external wants to contribute it.

@matthchr matthchr added good-first-issue issues which would be a good starting point for newcomers to the codebase new-resource Requests for new supported resources labels Nov 27, 2023
@theunrepentantgeek theunrepentantgeek modified the milestones: v2.6.0, v2.7.0 Dec 11, 2023
@matthchr matthchr removed this from the v2.7.0 milestone Feb 22, 2024
@matthchr matthchr added this to the v2.8.0 milestone Apr 9, 2024
@matthchr matthchr self-assigned this Jun 7, 2024
matthchr added a commit to matthchr/azure-service-operator that referenced this issue Jun 7, 2024
@matthchr
Add support for RoleDefinition resource
e9d784d 
This fixes Azure#2570.
@matthchr matthchr mentioned this issue Jun 7, 2024
Merged
3 tasks
matthchr added a commit to matthchr/azure-service-operator that referenced this issue Jun 11, 2024
@matthchr
Add support for RoleDefinition resource
cf2bb3b 
This fixes Azure#2570.
matthchr added a commit to matthchr/azure-service-operator that referenced this issue Jun 11, 2024
@matthchr
Add support for RoleDefinition resource
d6750af 
This fixes Azure#2570.
matthchr added a commit to matthchr/azure-service-operator that referenced this issue Jun 11, 2024
@matthchr
Add support for RoleDefinition resource
bfe203f 
This fixes Azure#2570.
matthchr added a commit to matthchr/azure-service-operator that referenced this issue Jun 11, 2024
@matthchr
Add support for RoleDefinition resource
ab01e31 
This fixes Azure#2570.
matthchr added a commit to matthchr/azure-service-operator that referenced this issue Jun 11, 2024
@matthchr
Add support for RoleDefinition resource
41c6df0 
This fixes Azure#2570.
github-merge-queue bot pushed a commit that referenced this issue Jun 12, 2024
@matthchr
Add support for RoleDefinition resource (#4067)
3effce6 
* Update RoleAssignment test API version

 * Re-record tests using the newer API version.

* Make it easier to run manual upgrade tests

Split Taskfile targets more to make it easier to run manual upgrade
tests where the flow is:

 1. Install GA ASO.
 2. Perform manual testing step.
 3. Upgrade to vNext ASO.
 4. Perform manual testing step.

* Add support for RoleDefinition resource

This fixes #2570.

* Fix uniqueness bug with RoleAssignment owned by ARM ID

Fix bug where RoleAssignment owned by ARM ID doesn't account for the
ARM ID in the seed of the random UUID generate.

This bugfix is BREAKING if the owner is using ARM ID and in the
following cases:
 * User migrates RoleAssignment from one cluster to another.
 * User sets reconcile-policy: skip, deletes the RoleAssignment and then
   recreates it.

In the above two cases, the new correct algorithm will consider the ARM
ID of the owner and generate a different UUID than before. Other cases
such as standard updates will not be impacted as Kubernetes sends the
WHOLE object to the mutating webhook and for updates the object contains
the (old) generated UUID.

* Fix file format
@github-project-automation github-project-automation bot moved this from Backlog to Recently Completed in Azure Service Operator Roadmap Jun 12, 2024
@matthchr matthchr moved this from Recently Completed to Ready for Release in Azure Service Operator Roadmap Jun 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matthchr matthchr

Labels
good-first-issue issues which would be a good starting point for newcomers to the codebase new-feature new-resource Requests for new supported resources
Projects
Azure Service Operator Roadmap
Archived in project
Milestone
v2.8.0
Development

Successfully merging a pull request may close this issue.

Add support for RoleDefinition resource matthchr/azure-service-operator
3 participants
@theunrepentantgeek @matthchr @ashetonh-ad