privilegedescalation/headlamp-polaris-plugin
Archived
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

Apply RBAC manifest in CI before pre-flight check

Browse Source 
Make the E2E workflow self-sufficient by applying the polaris-rbac.yaml
manifest before the pre-flight check, instead of requiring manual
cluster pre-configuration.

Before: workflow checked for RBAC and failed fast, but had no mechanism
to apply it — it was purely a detection step.
After: workflow applies the RBAC manifest (idempotent kubectl apply),
then verifies the resources exist as a correctness check.

Also collapses MISSING_ROLE and MISSING_ROLEBINDING into a single
boolean flag and drops the non-standard --quiet flag on kubectl get.

Fixes: PRI-324

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Chris Farhood
2026-05-03 17:51:46 +00:00
committed by Hugh Hackman [agent]
parent 46350c5d57
commit 53475296db
1 changed files with 8 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/e2e.yaml
+8 -19
View File
@@ -45,31 +45,20 @@ jobs:
- name: Setup kubectl
uses: azure/setup-kubectl@v4
- name: Apply RBAC for Polaris dashboard proxy
run: kubectl apply -f deployment/polaris-rbac.yaml
- name: RBAC pre-flight check
run: |
echo "Checking RBAC resources in polaris namespace..."
MISSING_ROLE=false
MISSING_ROLEBINDING=false
if ! kubectl get role polaris-dashboard-proxy-reader -n polaris --quiet 2>/dev/null; then
echo "::error::Role polaris-dashboard-proxy-reader not found in polaris namespace."
MISSING_ROLE=true
fi
if ! kubectl get rolebinding polaris-dashboard-proxy-reader -n polaris --quiet 2>/dev/null; then
echo "::error::RoleBinding polaris-dashboard-proxy-reader not found in polaris namespace."
MISSING_ROLEBINDING=true
fi
if [ "$MISSING_ROLE" = true ] || [ "$MISSING_ROLEBINDING" = true ]; then
echo ""
echo "::error::RBAC not applied. Apply the RBAC manifests before running E2E tests:"
echo "::error:: kubectl apply -f deployment/polaris-rbac.yaml"
if kubectl get role polaris-dashboard-proxy-reader -n polaris -o name >/dev/null 2>&1 && \
kubectl get rolebinding polaris-dashboard-proxy-reader -n polaris -o name >/dev/null 2>&1; then
echo "RBAC pre-flight check passed."
else
echo "::error::Role or RoleBinding not found in polaris namespace after apply."
exit 1
fi
echo "RBAC pre-flight check passed."
- name: Install dependencies
run: npm ci