fix(e2e): add cluster-scoped RBAC for E2E service account #60

Closed

privilegedescalation-engineer[bot] wants to merge 1 commits from gandalf/fix-e2e-rbac-cluster-scoped-permissions into main

pull from: gandalf/fix-e2e-rbac-cluster-scoped-permissions

merge into: privilegedescalation:main

privilegedescalation:main

privilegedescalation:gandalf/fix-echo-printf-pri-1757

privilegedescalation:dev

privilegedescalation:gandalf/pri-1749-inline-release

privilegedescalation:gandalf/pri-1750-inline-workflows

privilegedescalation:gandalf/remove-installation-policy

privilegedescalation:gandalf/pri-1636-inline-dual-approval

privilegedescalation:inline-ci-edb7f04a

privilegedescalation:uat

privilegedescalation:gandalf/fix-pnpm-ignored-builds

privilegedescalation:gandalf/fix-ci-lockfile

privilegedescalation:hugh/normalize-e2e-workflow-to-main

privilegedescalation:gandalf/fix-storage-classes-test

privilegedescalation:gandalf/fix-e2e-pri-935-storage-classes-button-role

privilegedescalation:hugh/fix-configmap-naming-pri-907

privilegedescalation:hugh/fix-e2e-deploy-step-pri-956

privilegedescalation:gandalf/fix-e2e-pri-879

privilegedescalation:hugh/fix-e2e-plugin-name-20260506123605

privilegedescalation:hugh/fix-e2e-ref

privilegedescalation:fix/elliptic-override-ghsa-848j-6mx2-7j84

privilegedescalation:gandalf/e2e-fix

privilegedescalation:gandalf/fix-flaky-storage-class

privilegedescalation:gandalf/fix-e2e-storage-class-selector

privilegedescalation:fix/elliptic-vulnerability-override

privilegedescalation:e2e-infra-sync

privilegedescalation:gandalf/add-e2e-infra

privilegedescalation:gandalf/consolidate-e2e-pr

privilegedescalation:pr-38

privilegedescalation:fix-lodash

privilegedescalation:release/v1.0.1

Conversation 3 Commits 1 Files Changed 2

+48 -4

privilegedescalation-engineer[bot] commented 2026-05-05 16:13:03 +00:00 (Migrated from github.com)

Copy Link

Copy Source

Summary

The headlamp-e2e-test service account lacked cluster-scoped read permissions for storageclasses, cephclusters, persistentvolumes, and persistentvolumeclaims. This caused the Rook plugin sidebar to fail when populating these resources.

Changes

• Added ClusterRole headlamp-e2e-test-reader with get/list/watch on:
  • storageclasses
  • cephclusters, cephclusters/status
  • persistentvolumes
  • persistentvolumeclaims
• Added ClusterRoleBinding headlamp-e2e-test-crb binding the ClusterRole to the headlamp-e2e-test service account
• Updated teardown to also clean up the ClusterRole and ClusterRoleBinding

Testing

CI will run the E2E test suite against this branch.

Related

Fixes: PRI-741

## Summary The headlamp-e2e-test service account lacked cluster-scoped read permissions for storageclasses, cephclusters, persistentvolumes, and persistentvolumeclaims. This caused the Rook plugin sidebar to fail when populating these resources. ## Changes - Added ClusterRole `headlamp-e2e-test-reader` with get/list/watch on: - storageclasses - cephclusters, cephclusters/status - persistentvolumes - persistentvolumeclaims - Added ClusterRoleBinding `headlamp-e2e-test-crb` binding the ClusterRole to the `headlamp-e2e-test` service account - Updated teardown to also clean up the ClusterRole and ClusterRoleBinding ## Testing CI will run the E2E test suite against this branch. ## Related Fixes: PRI-741

greptile-apps[bot] (Migrated from github.com) reviewed 2026-05-05 16:13:11 +00:00

greptile-apps[bot] (Migrated from github.com) left a comment

Copy Link

Copy Source

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method [here](https://app.greptile.com/review/github).

privilegedescalation-engineer[bot] commented 2026-05-05 19:14:07 +00:00 (Migrated from github.com)

Copy Link

Copy Source

Closing — superseded by #61 (canonical E2E consolidation PR). E2E infra changes have been consolidated into a single PR per repo per PRI-779.

Closing — superseded by #61 (canonical E2E consolidation PR). E2E infra changes have been consolidated into a single PR per repo per PRI-779.

Gandalf the Greybeard commented 2026-05-21 01:34:10 +00:00

Member

Copy Link

Copy Source

Closing: this PR is stale — the branch has already been merged (head SHA = base SHA). No changes remain.

Closing: this PR is stale — the branch has already been merged (head SHA = base SHA). No changes remain.

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No Reviewers

greptile-apps[bot]

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

javascript

Pull requests that update javascript code

question

Further information is requested

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) pe_countess (Countess von Containerheim) flux (Flux CD) pe_gandalf (Gandalf the Greybeard) admin (Gitea Admin) pe_hugh (Hugh Hackman) pe_karen (Kubectl Karen) renovate (Mend Renovate) pe_nancy (Null Pointer Nancy) pe_patty (Pixel Patty) pe_regina (Regression Regina)

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: privilegedescalation/headlamp-rook-plugin#60