Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-6272

oc policy add-role-to-user: allow roleBinding and SA to be indifferent namespaces

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • oc
    • None
    • False
    • None
    • False
    • Not Selected

      1. Proposed title of this feature request
      2. What is the nature and description of the request?
      Currently, policy add-role-to-user forces the SA and the RoleBinding to be in the same namespace:
      The SA namespace is set here https://github.com/openshift/oc/blob/822207dba2f31d33ffc320a2bb9145153f837fa6/pkg/cli/admin/policy/modify_roles.go#L411-L419
      The RoleBinding namespace is set here https://github.com/openshift/oc/blob/822207dba2f31d33ffc320a2bb9145153f837fa6/pkg/cli/admin/policy/modify_roles.go#L327C4-L327C24
      Even though the Kube API allows them to be in different namespaces (only the Role and the Rolebinding should be in the same namespace)
      I think a --serviceaccount-namespace makes sense.
      3. Why does the customer need this? (List the business requirements here)
      Allow users to make the RoleBinding reference a SA from another namespace.
      4. List any affected packages or components.

      (This is follow up of https://redhat-internal.slack.com/archives/CKJR6200N/p1726062789805209)

              gausingh@redhat.com Gaurav Singh
              rh-ee-amrini Ayoub Mrini
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: