Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

roleassignment external-name not unique #219

Open
yehlo opened this issue Dec 18, 2024 · 1 comment
Open

roleassignment external-name not unique #219

yehlo opened this issue Dec 18, 2024 · 1 comment

Comments

@yehlo
Copy link

yehlo commented Dec 18, 2024
edited
Loading

Crossplane Version

v1.18

Crossplane Grafana Provider Version

v0.22.0

Affected Resource(s)

  • roleassignments.enterprise.grafana.crossplane.io

YAML resources

apiVersion: v1
items:
- apiVersion: enterprise.grafana.crossplane.io/v1alpha1
  kind: RoleAssignment
  metadata:
    annotations:
      crossplane.io/external-name: 1:fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
    name: example1
  spec:
    deletionPolicy: Delete
    forProvider:
      roleUid: fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
      teamRefs:
      - name: team1
      teams:
      - "1:44"
    initProvider: {}
    managementPolicies:
    - '*'
    providerConfigRef:
      name: default
  status:
    atProvider:
      id: 1:fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
      roleUid: fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
      teams:
      - "44"
- apiVersion: enterprise.grafana.crossplane.io/v1alpha1
  kind: RoleAssignment
  metadata:
    annotations:
      crossplane.io/external-name: 1:fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
    name: example2
  spec:
    deletionPolicy: Delete
    forProvider:
      roleUid: fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
      teamRefs:
      - name: team2
      teams:
      - "1:38"
    initProvider: {}
    managementPolicies:
    - '*'
    providerConfigRef:
      name: default
  status:
    atProvider:
      id: 1:fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
      roleUid: fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
      teams:
      - "38"
kind: List
metadata:
  resourceVersion: ""

Expected Behavior

Generate a unique external-name foreach unique pair of role and team combinations instead of <orgID>:<roleID> because the same role within the same organization could be reused multiple times. Thus also creating a new assignment in Grafana.

External-Name should probably look something like <orgID>:<teamID>:<roleID> In my examples:

  • 1:44:fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw
  • 1:38:fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw

Actual Behavior

The external-name ignores the team in the external-name and thus only creates one assignment for the org and role combination. Meaning one of n teams will get the actual assignment.

If you delete the assignment manually you can see that another role gets the assignment.

Steps to Reproduce

  1. Create two seperate teams
  2. Create two seperate assignments for built-in explore role (fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw)
  3. see that the same external-name is used and only one team in Grafana has the additional role added

Important Factoids

Grafana Enterprise is needed for this

References

No response

Edit: upgraded provider from v0.18.0 to v0.22.0 without any changes in the behavior
@yehlo
Copy link
Author

yehlo commented Dec 18, 2024

As a workaround I will generate a unique role per team and assign it like this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@yehlo