Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug](service account): create super admin service-account logic missed the rolebinding object #64

Closed
ericsyh opened this issue Sep 27, 2024 · 7 comments
Closed

[bug](service account): create super admin service-account logic missed the rolebinding object #64

ericsyh opened this issue Sep 27, 2024 · 7 comments
Assignees
@tuteng
Labels
type/bug

Comments

@ericsyh
Copy link
Member

ericsyh commented Sep 27, 2024

Issue

terraform creating super admin service-account needs to add a rolebinding object to set it up.

const roleBinding: V1alpha1RoleBinding = {
        apiVersion: API_VERSION,
        kind: 'RoleBinding',
        metadata: {
          name: name,
          namespace: organization
        },
        spec: {
          roleRef: {
            apiGroup: 'cloud.streamnative.io',
            kind: 'Role',
            name: 'admin'
          },
          subjects: [
            {
              apiGroup: 'cloud.streamnative.io',
              kind: 'ServiceAccount',
              name: name
            }
          ]
        }
      }

Impact

Now, if we create a super admin service account and issue an apikey under that service account. The issued apikey is missing the admin permission in the JWT token.

resource "streamnative_service_account" "erics-sa" {
  organization = "sndev"
  name = "erics-sa"
  admin = true
}

resource "streamnative_apikey" "erics-apikey" {
  organization = "sndev"
  name = "erics-apikey"
  instance_name = "baodi-test"
  service_account_name = streamnative_service_account.erics-sa.name
  description = "This is a test api key for terraform"
  revoke = false
  expiration_time = "0"
}
@erniebilling
Copy link

Is there an ETA for this fix?

Will this change just grant the SA admin on just the instance or across the whole StreamNative account? Ideally, it will just be within the instance.

@erniebilling
Copy link

@ericsyh @tuteng Any ETA for this fix? It's blocking our automated service account provisioning for topics.

@tuteng
Copy link
Member

tuteng commented Oct 15, 2024
edited
Loading

@ericsyh @tuteng Any ETA for this fix? It's blocking our automated service account provisioning for topics.

@ericsyh is driving this, please @ericsyh help to make an update about ETA later

@ericsyh
Copy link
Member Author

ericsyh commented Oct 18, 2024

@erniebilling Hi Ernie, we plan to fix this issue before the end of Oct. I will let you know after we fix and cut a release for it.

@tuteng
Copy link
Member

tuteng commented Oct 30, 2024

Fixed #67

@erniebilling
Copy link

@ericsyh @tuteng When will it be released? Still see 0.5.0 from Jul 8 as latest release.

@tuteng
Copy link
Member

tuteng commented Oct 31, 2024
edited
Loading

Released https://registry.terraform.io/providers/streamnative/streamnative/latest/docs, you can try create a new service account

@ericsyh ericsyh closed this as completed Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tuteng tuteng

Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tuteng @ericsyh @erniebilling