Skip to content

Adding delete to modulebuildsignconfigs rbac#1750

Merged
ybettan merged 1 commit intorh-ecosystem-edge:mainfrom
TomerNewman:bugfix/add-mbsc-delete-rbac
Feb 19, 2026
Merged

Adding delete to modulebuildsignconfigs rbac#1750
ybettan merged 1 commit intorh-ecosystem-edge:mainfrom
TomerNewman:bugfix/add-mbsc-delete-rbac

Conversation

@TomerNewman
Copy link
Copy Markdown
Member

@TomerNewman TomerNewman commented Feb 17, 2026

Following #1725 commit, we now deleting mbsc resources from the controllers (regular + hub) pods, but since we missed the rbac annotation for that, it failed to delete.
This commits adds the missing rbac annotation.


/cc @ybettan @yevgeny-shnaidman


fixes #1751

Summary by CodeRabbit

  • Chores
    • Updated operator RBAC permissions to grant delete capability for module build sign configurations across all cluster roles and operator service manifests.
    • Reorganized and consolidated module build sign configuration permissions with boot module configurations in role definitions.
    • Updated service version metadata timestamps.

@netlify
Copy link
Copy Markdown

netlify Bot commented Feb 17, 2026

Deploy Preview for openshift-kmm ready!

Name Link
🔨 Latest commit a6ba8d3
🔍 Latest deploy log https://app.netlify.com/projects/openshift-kmm/deploys/69947dde855dfa0008e6e387
😎 Deploy Preview https://deploy-preview-1750--openshift-kmm.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Feb 17, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: TomerNewman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Feb 17, 2026

Note

Reviews paused

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

RBAC permissions are being updated and consolidated across manifest files and controller annotations. The delete verb is being added to modulebuildsignconfigs resource permissions, and modulebuildsignconfigs is consolidated under the same rule as bootmoduleconfigs in select manifest files. ClusterServiceVersion timestamps are updated.

Changes

Cohort / File(s) Summary
Bundle ClusterServiceVersion manifests
bundle-hub/manifests/kernel-module-management-hub.clusterserviceversion.yaml, bundle/manifests/kernel-module-management.clusterserviceversion.yaml
Updated timestamps and added delete verb to modulebuildsignconfigs permissions. In main bundle, consolidated modulebuildsignconfigs from separate rule into same rule as bootmoduleconfigs under kmm.sigs.x-k8s.io group.
RBAC config roles
config/rbac-hub/role.yaml, config/rbac/role.yaml
Added delete verb for modulebuildsignconfigs resource. In main config, consolidated modulebuildsignconfigs under bootmoduleconfigs rule and removed separate rule block.
Controller RBAC annotations
internal/controllers/.../managedclustermodule_reconciler.go, internal/controllers/module_reconciler.go
Added delete verb to RBAC KBMarker annotations for modulebuildsignconfigs resource.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

Suggested labels

lgtm

Suggested reviewers

  • ybettan
  • yevgeny-shnaidman
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Adding delete to modulebuildsignconfigs rbac' directly and clearly describes the primary change across all modified files—adding delete verb permissions to modulebuildsignconfigs resources in RBAC configurations.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@TomerNewman
Copy link
Copy Markdown
Member Author

/hold

@TomerNewman
Copy link
Copy Markdown
Member Author

@coderabbitai pause

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Feb 17, 2026

✅ Actions performed

Reviews paused.

@TomerNewman
Copy link
Copy Markdown
Member Author

/unhold

Following "Add imageRebuildTrigger field to force
module image rebuilds" commit, we now deleting mbsc
 resources from the controllers (regular + hub) pods,
but since we missed the rbac annotation for that,
it failed to delete.
This commits adds the missing rbac annotation.
@TomerNewman TomerNewman force-pushed the bugfix/add-mbsc-delete-rbac branch from 3e662d8 to a6ba8d3 Compare February 17, 2026 14:40
@TomerNewman
Copy link
Copy Markdown
Member Author

/retest

2 similar comments
@TomerNewman
Copy link
Copy Markdown
Member Author

/retest

@TomerNewman
Copy link
Copy Markdown
Member Author

/retest

@ybettan
Copy link
Copy Markdown
Member

ybettan commented Feb 18, 2026

/lgtm

1 similar comment
@ybettan
Copy link
Copy Markdown
Member

ybettan commented Feb 18, 2026

/lgtm

@TomerNewman
Copy link
Copy Markdown
Member Author

/retest

@ybettan
Copy link
Copy Markdown
Member

ybettan commented Feb 18, 2026

/retest
No cluster in the pool are available

@TomerNewman
Copy link
Copy Markdown
Member Author

/retest

2 similar comments
@TomerNewman
Copy link
Copy Markdown
Member Author

/retest

@TomerNewman
Copy link
Copy Markdown
Member Author

/retest

@TomerNewman
Copy link
Copy Markdown
Member Author

/lgtm

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Feb 18, 2026

@TomerNewman: you cannot LGTM your own PR.

Details

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ybettan
Copy link
Copy Markdown
Member

ybettan commented Feb 18, 2026

/lgtm

@TomerNewman
Copy link
Copy Markdown
Member Author

/retest

@TomerNewman
Copy link
Copy Markdown
Member Author

TomerNewman commented Feb 19, 2026

/override e2e
/override e2e-hub
/override operator-upgrade
/override operator-hub-upgrade

There is an issue with the ci clusterpool so no cluster is accecible for us.
since this commit only adds a single mbsc rbac, we can skip the tests.

see here for more reference

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Feb 19, 2026

@TomerNewman: /override requires failed status contexts, check run or a prowjob name to operate on.
The following unknown contexts/checkruns were given:

  • e2e
  • e2e-hub
  • operator-hub-upgrade
  • operator-upgrade

Only the following failed contexts/checkruns were expected:

  • CodeRabbit
  • ci/prow/build
  • ci/prow/check-api-changes
  • ci/prow/check-commits-count
  • ci/prow/ci-bundle-hub-operator-bundle
  • ci/prow/ci-bundle-operator-bundle
  • ci/prow/e2e
  • ci/prow/e2e-hub
  • ci/prow/images
  • ci/prow/lint
  • ci/prow/operator-hub-upgrade
  • ci/prow/operator-upgrade
  • ci/prow/security
  • ci/prow/unit-tests
  • netlify/openshift-kmm/deploy-preview
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-build
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-check-api-changes
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-check-commits-count
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-ci-bundle-hub-operator-bundle
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-ci-bundle-operator-bundle
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-e2e
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-e2e-hub
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-images
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-lint
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-operator-hub-upgrade
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-operator-upgrade
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-security
  • pull-ci-rh-ecosystem-edge-kernel-module-management-main-unit-tests
  • tide

If you are trying to override a checkrun that has a space in it, you must put a double quote on the context.

Details

In response to this:

/override e2e
/override e2e-hub
/override operator-upgrade
/override operator-hub-upgrade

There is an issue with the ci clusterpool so no cluster is accecible for us.
since this commit only adds a single mbsc rbac, we can skip the tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@TomerNewman
Copy link
Copy Markdown
Member Author

/override ci/prow/e2e
/override ci/prow/e2e-hub
/override ci/prow/operator-upgrade
/override ci/prow/operator-hub-upgrade

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Feb 19, 2026

@TomerNewman: Overrode contexts on behalf of TomerNewman: ci/prow/e2e, ci/prow/e2e-hub, ci/prow/operator-hub-upgrade, ci/prow/operator-upgrade

Details

In response to this:

/override ci/prow/e2e
/override ci/prow/e2e-hub
/override ci/prow/operator-upgrade
/override ci/prow/operator-hub-upgrade

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ybettan ybettan merged commit 5efc539 into rh-ecosystem-edge:main Feb 19, 2026
20 of 21 checks passed
@TomerNewman TomerNewman deleted the bugfix/add-mbsc-delete-rbac branch February 19, 2026 09:06
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Feb 19, 2026

@TomerNewman: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/operator-hub-upgrade a6ba8d3 link unknown /test operator-hub-upgrade
ci/prow/e2e a6ba8d3 link unknown /test e2e
ci/prow/operator-upgrade a6ba8d3 link unknown /test operator-upgrade
ci/prow/e2e-hub a6ba8d3 link unknown /test e2e-hub

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Cherry-picking error for 260716f343d783ac7fbf8af0d2285e037c628458

2 participants