#8659 openshift: allow for users to be able to start a rollout of a deployment
Opened 8 months ago by dustymabe. Modified 7 months ago

Describe what you would like us to do:


This is similar to https://pagure.io/fedora-infrastructure/issue/8005. It would be nice if we could just click to start a new deployment in the web interface or from the CLI:

$ oc -n coreos-ostree-importer rollout latest coreos-ostree-importer
Error from server (Forbidden): deploymentconfigs.apps.openshift.io "coreos-ostree-importer" is forbidden: User "dustymabe" cannot update deploymentconfigs.apps.openshift.io in the namespace "coreos-ostree-importer": no RBAC policy matched

I think maybe this would do it:

diff --git a/roles/openshift/project/templates/role-appowners.yml b/roles/openshift/project/templates/role-appowners.yml
index 3cb94c542..59642ad9a 100644
--- a/roles/openshift/project/templates/role-appowners.yml
+++ b/roles/openshift/project/templates/role-appowners.yml
@@ -80,6 +80,7 @@ rules:
   resources:
   - buildconfigs/instantiate
   - builds
+  - deploymentconfigs
   verbs:
   - create
   - update
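
Review bot: The added `deploymentconfigs` entry sits under a verbs list that includes `create` and `update`, so it grants app owners write access to the whole DeploymentConfig object rather than only the ability to trigger a rollout, and manual edits could then drift from the Ansible-managed definition. Consider the narrower subresource `- deploymentconfigs/instantiate` instead, mirroring the `buildconfigs/instantiate` entry already in this rule, and confirm it is sufficient for `oc rollout latest` on this cluster version. Also check that this rule's apiGroups (not shown in the hunk) covers apps.openshift.io, the group named in the Forbidden error, otherwise the new entry will not match.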

Sure, but note this is done already in playbooks, so if you run the playbook again it will do a rollout.

Metadata Update from @kevin:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: OpenShift

8 months ago

If we grant this, does that mean people can edit the deploymentconfig? We don't want that; we want to make sure Ansible has the actual source of truth deploymentconfig.

Will the rollout from the playbook be sufficient here? Perhaps with a variable to just rollout?

> If we grant this, does that mean people can edit the deploymentconfig? We don't want that; we want to make sure Ansible has the actual source of truth deploymentconfig.

I don't know

> Will the rollout from the playbook be sufficient here? Perhaps with a variable to just rollout?

It's a real big pain when you are already logged in to the web interface and there could be a button right in front of you to click, to instead have to go log in to a machine, find a specially crafted command to run, and run it, as well as authenticate with password/token.
