Skip to content

feat: query self RBAC list permissions before attempting to clean up orphans#1179

Closed
razvan wants to merge 6 commits intomainfrom
fix/1176
Closed

feat: query self RBAC list permissions before attempting to clean up orphans#1179
razvan wants to merge 6 commits intomainfrom
fix/1176

Conversation

@razvan
Copy link
Member

@razvan razvan commented Mar 18, 2026
edited
Loading

Description

Fixes #1176.

Tested with the OPA operator and can confirm that the 403 responses are gone.

Test results:

--- FAIL: kuttl (602.50s)
    --- FAIL: kuttl/harness (0.00s)
        --- PASS: kuttl/harness/resources_opa-latest-1.12.3_openshift-false (20.95s)
        --- PASS: kuttl/harness/smoke_opa-1.12.3_openshift-false_use-tls-true (66.44s)
        --- PASS: kuttl/harness/logging_opa-1.12.3_openshift-false (89.08s)
        --- PASS: kuttl/harness/smoke_opa-1.12.3_openshift-false_use-tls-false (62.79s)
        --- PASS: kuttl/harness/cluster-operation_opa-latest-1.12.3_openshift-false (37.44s)
        --- PASS: kuttl/harness/logging_opa-1.8.0_openshift-false (98.17s)
        --- PASS: kuttl/harness/openldap-user-info_opa-latest-1.12.3_openshift-false (90.08s)
        --- PASS: kuttl/harness/keycloak-user-info_opa-latest-1.12.3_keycloak-23.0.1_openshift-false (196.53s)
        --- PASS: kuttl/harness/smoke_opa-1.8.0_openshift-false_use-tls-true (57.99s)
        --- PASS: kuttl/harness/smoke_opa-1.8.0_openshift-false_use-tls-false (62.21s)
        --- FAIL: kuttl/harness/aas-user-info_opa-latest-1.12.3_openshift-false (394.14s)
FAIL
ERROR:root:kuttl failed
  • The failed test is not related

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes

Author

  • Changes are OpenShift compatible
  • CRD changes approved
  • CRD documentation for all fields, following the style guide.
  • Integration tests passed (for non trivial changes)
  • Changes need to be "offline" compatible

Reviewer

  • Code contains useful comments
  • Code contains useful logging statements
  • (Integration-)Test cases added
  • Documentation added or updated. Follows the style guide.
  • Changelog updated
  • Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

  • Feature Tracker has been updated
  • Proper release label has been added

@razvan razvan self-assigned this Mar 18, 2026
@razvan razvan requested a review from a team March 18, 2026 13:25
@sbernauer sbernauer self-requested a review March 18, 2026 13:53
@razvan
Copy link
Member Author

razvan commented Mar 18, 2026

In talks with @sbernauer, we decided not to merge this.
The existing debug messages have their purpose.
This PR would also add additional (debug) messages while also increasing the complexity of the code for no good reason.

@razvan razvan closed this Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sbernauer sbernauer Awaiting requested review from sbernauer

Assignees

@razvan razvan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Prevent spaming DEBUG messages with 403s because we try to delete orphaned resources that we can't list

1 participant

@razvan