Update docs on changes to project access resources 👮 #25
Unfortunately since the resources we are currently using for our infrastructure are Google resources, we couldn't just give all governing board members owner access to all the projects we are using. In the long run we probably want to change this so that the infrastructure is billed to the CDF, but in the short term we've scaled back the permissions and are trying to pinpoint exactly the right set to make sure ppl can do what they need to do.

I also tried to add these permissions to all the boskos projects but there are about to be 14 of them (tektoncd/plumbing#29) and it turns out to be super tedious to apply these individual permissions across 14 different projects - and they can't share roles. So I decided to keep it simple and not give everyone access to the boskos projects for now (especially since afaik no one has ever needed to interact with them directly) and to open tektoncd/plumbing#34 about finding a way to not need 16+ different projects with their own permissions - as long as this is okay with the non-Google governing folks! If it isn't I'll add the permissions to all the projects.
PTAL @vdemeester @abayer @kimsterv @dlorenc

/hold
We have been seeing errors in our automated end to end tests which indicate that boskos (which we use to manage GCP projects for our end to end tests - see tektoncd#34 about maybe not using it anymore) had no projects left. So this PR doubles the number of boskos projects. Note that I have already manually applied this change to the boskos cluster. As you can see in tektoncd/community#25 I decided to not give everyone access to all 7 new projects b/c managing fine grained access across 14 boskos projects is no fun at all 😩 but I can add them anyway if folks want them. Fixes tektoncd#29
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bobcatfish, vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
We have been seeing errors in our automated end to end tests which indicate that boskos (which we use to manage GCP projects for our end to end tests - see #34 about maybe not using it anymore) had no projects left. So this PR doubles the number of boskos projects. Note that I have already manually applied this change to the boskos cluster. As you can see in tektoncd/community#25 I decided to not give everyone access to all 7 new projects b/c managing fine grained access across 14 boskos projects is no fun at all 😩 but I can add them anyway if folks want them. Fixes #29
I'm gonna remove the hold and we can keep iterating on this.

/hold cancel
Following the Tekton example of reducing Templates in favor of concrete configurations where possible may have a ripple effect here. Pipelines tektoncd#850 and the related design documents refer to these updates quite a bit. One natural outcome may be the removal of Template types in Triggers.

This first commit does not at-once update the repo, as I am seeking feedback first. Relevant discussion in comments and on design documents here:

Tekton Templating https://docs.google.com/document/d/1h_3vSApIsuiwGkrqSiegi4NVaYG4oVzBquGAhIN6qGM
Declarative Management https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/declarative-application-management.md

updates discussion of tektoncd#25

Signed-off-by: xihaLong <[email protected]>