I don’t think it does at all. It seems like we cannot update a backup object. So having update on a backup is a no-op..
I think we should update this in the docs @rasika.chivate
Manish Chawla September 10, 2024 at 2:27 PM
Thanks Mayank, but then how does the update permission affect the backup schedules and backups?
Mayank Shah September 10, 2024 at 2:23 PM
@Manish Chawla Editing a backup schedule is effectively the same as creating a backup (because that’s what the operators eventually do). Hence, editing the backup schedule requires permission to create a backup, and not update
Tested with Everest v1.2.0-rc1 version.
Install mysql operator in a1 namespace and mongodb in a2 namespace.
Login in Everest UI using admin user and create mysql database using the admin user. Take some scheduled backups for the mysql database.
Create a user dbadmin using cli.
./everestctl-1.2.0-rc1 accounts createAdd the following permissions in the RBAC policy
p, dbadmin:role, namespaces, read, * p, dbadmin:role, database-engines, read, * p, dbadmin:role, database-clusters, *, */* p, dbadmin:role, database-cluster-backups, create, a2/* p, dbadmin:role, backup-storages, *, */* g, dbadmin, dbadmin:roleLogin as dbadmin user and create a mongodb database in a2 namespace, add a scheduled backup and take some backups.
Change the permissions in the RBAC policy to use update instead of create for database-cluster-backups
p, dbadmin:role, namespaces, read, * p, dbadmin:role, database-engines, read, * p, dbadmin:role, database-clusters, *, */* p, dbadmin:role, database-cluster-backups, update, a2/* p, dbadmin:role, backup-storages, *, */* g, dbadmin, dbadmin:roleEdit the backup schedule as dbadmin user
Clicking the
Savebutton does not do anything.Try to delete the backup schedule
Clicking the
Deletebutton does not do anything.Hence editing and deleting the backup schedule cannot be done using update permissions of database-cluster-backups.
Also, it is not clear how the update permissions affect the backups or is it used for restoring a database.