Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Better experience for modifying RoleAssignments #3318

Open
bmwinstead opened this issue Sep 18, 2023 · 2 comments
Open

Feature: Better experience for modifying RoleAssignments #3318

bmwinstead opened this issue Sep 18, 2023 · 2 comments
Labels
new-feature

Comments

@bmwinstead
Copy link

When RoleAssignments are modified, ASO can naively just try to update the existing RoleAssignment object. This results in an error - RoleAssignmentUpdateNotPermitted: Tenant ID, application ID, principal ID, and scope are not allowed to be updated.
This means that externally we have to be responsible for knowing when to, and deleting/recreating the RoleAssignment. It would be cool if ASO either:

  1. Made the fields you can't change immutable in Kubernetes so you can't get into this state.
  2. (preferred, maybe flagged?) Understood when the user was modifying an immutable field and triggered a deletion and re-creation of the underlying RoleAssignment object for you.
@theunrepentantgeek
Copy link
Member

This is a good idea - building on the design of ASO as a goal seeking system.

I'll schedule the design work for this for our next release; once that's done, we can look at where it fits in our backlog.

@theunrepentantgeek theunrepentantgeek added this to the v2.4.0 milestone Sep 19, 2023
@matthchr matthchr modified the milestones: v2.4.0, v2.5.0 Oct 23, 2023
@Roman-Galeev Roman-Galeev mentioned this issue Dec 8, 2023
Closed
@theunrepentantgeek theunrepentantgeek modified the milestones: v2.6.0, v2.7.0 Dec 11, 2023
@matthchr matthchr removed this from the v2.7.0 milestone Feb 22, 2024
@theunrepentantgeek
Copy link
Member

theunrepentantgeek commented Jun 25, 2024
edited
Loading

We need to sort out write-once properties #1443
Some design work is required.

@theunrepentantgeek theunrepentantgeek added this to the v2.9.0 milestone Jun 25, 2024
@matthchr matthchr removed this from the v2.9.0 milestone Jul 1, 2024
@matthchr matthchr mentioned this issue Aug 26, 2024
Closed
@matthchr matthchr added this to the v2.11.0 milestone Aug 26, 2024
@matthchr matthchr modified the milestones: v2.11.0, v2.12.0 Oct 28, 2024
@theunrepentantgeek theunrepentantgeek modified the milestones: v2.12.0, v2.13.0 Nov 18, 2024
@theunrepentantgeek theunrepentantgeek moved this from Backlog to Up Next in Azure Service Operator Roadmap Feb 10, 2025
@theunrepentantgeek theunrepentantgeek removed this from the v2.13.0 milestone Feb 10, 2025
@theunrepentantgeek theunrepentantgeek moved this from Up Next to Backlog in Azure Service Operator Roadmap Feb 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new-feature
Projects
Azure Service Operator Roadmap
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@theunrepentantgeek @bmwinstead @matthchr