Uploaded image for project: 'OpenShift Installer'
  1. OpenShift Installer
  2. CORS-3577

Spike on how to test newly required permissions and alert ROSA/Docs

XMLWordPrintable

    • Icon: Spike Spike
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • None
    • Installer Sprint 256, Installer Sprint 257, Installer (PB) Sprint 258, Installer (PB) Sprint 259, Installer Sprint 260

      We want to push the discovery/testing of new permission requirements earlier in the development cycle, so that we have ample time to alert ROSA of any new permissions. It is also just good practice for us to take responsibility for this.

      Two immediate tasks jump out for us to investigate:

      • how to setup e2e tests for minimal permissions
      • how to alert ROSA/docs when new permissions are needed

      We also need to clarify how to approach the permissions required for the permutations of the installer.

       

      FWIW QE does have an existing minimal install step: https://github.com/openshift/release/blob/master/ci-operator/step-registry/aws/provision/iam-user/minimal-permission/aws-provision-iam-user-minimal-permission-commands.sh

       

      We may be able to leverage that, but it is probably worth brainstorming whether there are other options. One idea that I think is very interesting is whether we could actually embed the permissions, such as an IAM policy, that could be extracted from the installer and used to generate the role/user that runs the installer. 

       

              rdossant Rafael Fonseca dos Santos
              padillon Patrick Dillon
              None
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: