[CLI] rbac validate command should be able to accept ConfigMap YAML file

Description

The --policy-file flag of the settings rbac validate command should be able to accept a ConfigMap YAML file.

Issue created in Slack from a message.

Attachments

15 Nov 2024, 03:54 PM

Activity

Show:

Edith Erika Puclla Pareja November 15, 2024 at 3:54 PM

Hello @Mayank Shah, I tested, and it works fine! Now everesctl is validating YAML files as well.

Commands are:

kubectl get cm -n everest-system everest-rbac -oyaml > rbac-cm.yaml
./everestctl settings rbac validate  --policy-file=rbac-cm.yaml

Screenshot:

Mayank Shah November 14, 2024 at 6:09 PM

Hi @Edith Erika Puclla Pareja, I don’t think you need to worry much about the tabs issue in that thread. This ticket is about ensuring that the validate command is able to accept local YAML files (ConfigMap).

To give you some historical context, the settings rbac validate command accepted only .csv files earlier. With this ticket, you should be able to pass the ConfigMap YAML directly using the --policy-file flag.

Steps to test:

Save the RBAC configmap locally in a file:

kubectl get cm -n everest everest-rbac > rbac-cm.yaml

Pass to the validate command:

everestctl settings rbac validate --policy-file=/path/to/rbac.yaml

Ensure it works as expected

Edith Erika Puclla Pareja November 14, 2024 at 5:23 PM

Hello @Mayank Shah, @Mayank Shah , I was reading the thread in which you discussed this in Slack.

Please could you let me know if this is the right approach to test this issue? I haven't checked yet if my terminal is set up to replace tabs with spaces. I'll take a look at it tomorrow.
I tested this with the following:

I edited the config map:

kubectl edit cm everest-rbac -n everest-system

I added TABS in lines 12, 13, 14

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  enabled: "false"
  policy.csv: |
    g, admin, role:admin
    p, adminrole:role, namespaces, *, *
    p, adminrole:role, database-engines, *, */
    p, adminrole:role, database-clusters, *, */*
    p, adminrole:role, database-cluster-backups, *, */*
    p, adminrole:role, database-cluster-restores, *, */*
    p, adminrole:role, database-cluster-credentials, *, */*
    p, adminrole:role, backup-storages, *, */*
    p, adminrole:role, monitoring-instances, *, */*
    g, admin, adminrole:role
kind: ConfigMap
metadata:
  creationTimestamp: "2024-11-14T16:35:54Z"
  name: everest-rbac
"/var/folders/sp/sfppbwjx6cj7gy_dq_fy_x4m0000gn/T/kubectl-edit-3028916689.yaml" 25L, 916B

Then I validated the rbac

$ ./everestctl settings rbac validate                                                      
✓ Valid

Thank youu!!!

Unresolved

Details
Assignee
Edith Erika Puclla Pareja
Reporter
Mayank Shah
Fix versions
1.3.0
Priority
Medium
Parent
EVEREST-1022 Role Based Access Control

Smart Checklist

Created September 16, 2024 at 8:48 AM

Updated November 18, 2024 at 12:45 PM

[CLI] rbac validate command should be able to accept ConfigMap YAML file

Description

Attachments

Activity

Edith Erika Puclla Pareja November 15, 2024 at 3:54 PM

Mayank Shah November 14, 2024 at 6:09 PM

Edith Erika Puclla Pareja November 14, 2024 at 5:23 PM

DetailsAssigneeEdith Erika Puclla ParejaEdith Erika Puclla ParejaReporterMayank ShahMayank ShahFix versions1.3.0PriorityMediumParentEVEREST-1022 Role Based Access Control

Details

Assignee

Reporter

Fix versions

Priority

Parent

Smart ChecklistOpen Smart Checklist

Smart Checklist

Details
Assignee
Edith Erika Puclla Pareja
Reporter
Mayank Shah
Fix versions
1.3.0
Priority
Medium
Parent
EVEREST-1022 Role Based Access Control

Smart Checklist