Updating PolicyAttachment with new policy name does not replace attached policy #5

Open
SnehaMore20 opened this issue May 8, 2020 · 1 comment
Labels
enhancement (New feature or request), help wanted (Extra attention is needed), wontfix (This will not be worked on)

SnehaMore20 commented May 8, 2020

Steps:

  1. Create a PolicyAttachment which attaches policy1 to role1.
  2. Update the PolicyAttachment: change the policy name to policy2 and apply the change.

Expected Behaviour:
role1 should have policy2 attached and policy1 removed.

Actual Behaviour:
role1 has both policies attached: policy1 and policy2.

The same issue happens when we update the PolicyAttachment with a new role.

redradrat (Owner) commented Oct 25, 2020

Changing the policy reference should not be possible. Not quite sure how I'm able to restrict this. Upstream, k8s does not yet allow CRD fields to be set to readOnly.

https://github.com/kubernetes/enhancements/blob/8b9b994136371f1bc938aabf012f4c45535d684c/keps/sig-api-machinery/20190603-immutable-fields.md

Solutions here would be:

  • waiting for upstream impl
  • implementing validating webhook

redradrat added the enhancement, help wanted and wontfix labels Oct 25, 2020
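
A sketch of the validating-webhook option mentioned in the comment above, as an added example that is not code from this project: it answers an `admission.k8s.io/v1` AdmissionReview and denies any UPDATE that changes `.spec`, so a stale policy or role attachment cannot be left behind by an edit. Treating the whole spec as immutable and the `policy` field in the sample are assumptions; serving over TLS and the ValidatingWebhookConfiguration are omitted.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// Subset of admission.k8s.io/v1 AdmissionReview; untagged fields rely on
// encoding/json's case-insensitive key matching when decoding.
type object struct{ Spec interface{} }
type request struct {
	UID, Operation    string
	Object, OldObject *object
}
type response struct {
	UID     string            `json:"uid"`
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"`
}
type review struct {
	APIVersion, Kind string
	Request          *request
}

// Review denies an UPDATE that changes .spec and fails closed when an object is
// missing; metadata and status changes (finalizers, conditions) stay allowed.
func Review(body []byte) ([]byte, error) {
	var ar review
	if err := json.Unmarshal(body, &ar); err != nil || ar.Request == nil {
		return nil, fmt.Errorf("invalid AdmissionReview: %v", err)
	}
	r := ar.Request
	resp := &response{UID: r.UID, Allowed: true}
	if r.Operation == "UPDATE" && (r.Object == nil || r.OldObject == nil ||
		!reflect.DeepEqual(r.Object.Spec, r.OldObject.Spec)) {
		resp.Allowed = false
		resp.Status = map[string]string{"message": "spec is immutable; delete and recreate the PolicyAttachment"}
	}
	return json.Marshal(map[string]interface{}{"apiVersion": ar.APIVersion, "kind": ar.Kind, "response": resp})
}

func main() {
	// Constructed request; the "policy" field name is hypothetical.
	in := `{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":"u1","operation":"UPDATE","oldObject":{"spec":{"policy":"policy1"}},"object":{"spec":{"policy":"policy2"}}}}`
	out, err := Review([]byte(in))
	fmt.Println(string(out), err)
}
```

With this in place, moving an attachment to another policy or role becomes an explicit delete followed by a create, which is the path on which the controller can detach the old policy.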