Uploaded image for project: 'OpenShift GitOps'
  1. OpenShift GitOps
  2. GITOPS-1039

DownStream: Remove `admin` permissions for ArgoCD instance when namespace label is removed

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Major
    • 1.2
    • None
    • None
    • None
    • GITOPS Sprint 204

    Description

      This story is about downstream CPaaS built gitops operator

      When a namespace is labelled which is recognised by the operator to grant `admin` privileges to the ArgoCD instance is removed, the Operator must remove the privileges as well, i.e remove the following -

      • Role and Role Binding created by the operator
      • Remove namespace from the list of namespaces defined in the Cluster Secret.

       

      Acceptance Criteria

      • This is about downstream CPaaS built gitops operator.  Implement the "removing" side of the requirements per https://docs.google.com/document/d/1CDm-J8QPItELQv_GIzs1Y89miXNVUh7RZS85PsxYuwg/edit#heading=h.obahgj87nfva
      • All the Role/Role Bindings should be removed.
      • Cluster Secret must not have the namespace present in the list of namespace
      • A user should be able to remove label on the target namespace.  The argocd instance cannot no longer create/manage resources on the target namespace due to permission are removed
      • Tested upgrade
      • Tested and documented CPaaS built gitops  operator
      • unit test added
      • e2e tests added

       

      Attachments

        Activity

          People

            jrao@redhat.com Jaideep Rao
            shuagarw@redhat.com Shubham Agarwal (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: