managed-cluster-config icon indicating copy to clipboard operation
managed-cluster-config copied to clipboard
verified publisher icon openshift

OCM-16226 | feat: add 'iam:GetUser' to hcp installer policy

Open gdbranco opened this issue 6 months ago • 4 comments

What type of PR is this?

feature

What this PR does / why we need it?

This allows to include verification of the 'rosa_creator_arn' cluster property to ensure that the populated user is valid and exists in the customer account

Which Jira/Github issue(s) this PR fixes?

_Fixes #OCM-16226

Special notes for your reviewer:

Pre-checks (if applicable):

  • [x] Tested latest changes against a cluster

  • [ ] Included documentation changes with PR

  • [ ] If this is a new object that is not intended for the FedRAMP environment (if unsure, please reach out to team FedRAMP), please exclude it with:

    matchExpressions:
- key: api.openshift.com/fedramp
  operator: NotIn
  values: ["true"]

gdbranco avatar Jul 09 '25 13:07 gdbranco

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: gdbranco Once this PR has been reviewed and has the lgtm label, please assign fahlmant for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci[bot] avatar Jul 09 '25 13:07 openshift-ci[bot]

@gdbranco: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/checklinks-pr 99f26de2e09416dc34d7731b8928b55e301f4c9c link false /test checklinks-pr

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Jul 09 '25 14:07 openshift-ci[bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar Oct 08 '25 01:10 openshift-bot

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot avatar Nov 07 '25 08:11 openshift-bot

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-bot avatar Dec 08 '25 00:12 openshift-bot

@openshift-bot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci[bot] avatar Dec 08 '25 00:12 openshift-ci[bot]