[v18] Update RBAC instructions for the Jira plugin #66248
807b49f to 407155e
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 407155efa8
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
407155e to 63aae80
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 63aae805a2
This comment was marked as resolved.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 579673e15c
| </TabItem> | ||
| <TabItem label="Long-lived identity files"> | ||
| (!docs/pages/includes/plugins/rbac-impersonate.mdx!) | ||
| (!docs/pages/includes/plugins/rbac-update.mdx!) |
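Review bot: the role a reader creates in the "Long-lived identity files" tab is defined entirely by the included `rbac-update.mdx` partial on the last line of this hunk, so this file does not show which resources and verbs that role grants. Confirm that the partial's rules cover everything the Jira plugin does in this flow, and consider naming the required resources and verbs in the text next to the include so the role can be audited without opening the partial.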
Grant read/list on access_plugin_data for long-lived setup
In this commit, the Jira guide’s long-lived credentials path now includes rbac-update.mdx (docs/pages/identity-governance/access-requests/plugins/jira.mdx), but that include still defines access_plugin_data with only verbs: ['update'] (docs/pages/includes/plugins/rbac-update.mdx:19-20). The plugin reads plugin data before writing it, and GetPluginData enforces list/read authorization (lib/auth/auth_with_roles.go:3325-3337), so operators following this flow can hit access-denied errors during normal request synchronization. Please add list and read to this role (or point to the preset role with equivalent permissions).
Closes #62251
Edit the Jira plugin guide to note that the role given to the Access Request plugin must be able to update Access Requests.
- Use the existing `rbac-update.mdx` plugin to explain how to create a role that can update Access Requests and impersonate a user with that role.
- Inline the Machine ID partial in Step 2 and edit the content to include a custom role.
In #65190, we inadvertently introduced two small issues, which this change fixes:
- Remove a reference to a nonexistent role. This was a mistake due to a find/replace operation.
- Add full permissions to the access-plugin-update role. The Jira Access Request plugin needs to list and read `access_plugin_data`, not just create it.
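The permission gap described in the review comment and in the commit message above can be caught before a role is applied. The following Python check is an added example, not Teleport's or the plugin's own code: the `REQUIRED` table is an assumption drawn from this thread, the role dictionaries are constructed samples, and `where` conditions on rules are ignored.

```python
# Added example: static check of a Teleport-style role's allow/deny rules.
# REQUIRED is an assumption taken from this thread, not an official list.
REQUIRED = {
    "access_request": {"update"},
    "access_plugin_data": {"list", "read", "update"},
}
WILDCARD = "*"


def granted_verbs(rules, resource):
    """Union of verbs that `rules` name for `resource`; '*' matches any resource."""
    verbs = set()
    for rule in rules or []:
        resources = rule.get("resources", [])
        if resource in resources or WILDCARD in resources:
            verbs.update(rule.get("verbs", []))
    return verbs


def missing_verbs(role, required=REQUIRED):
    """Return {resource: sorted missing verbs} for one role definition."""
    spec = role.get("spec", {})
    allow = spec.get("allow", {}).get("rules")
    deny = spec.get("deny", {}).get("rules")
    gaps = {}
    for resource, needed in required.items():
        allowed = granted_verbs(allow, resource)
        denied = granted_verbs(deny, resource)
        # A deny rule wins over any allow rule for the same verb.
        if WILDCARD in denied:
            effective = set()
        elif WILDCARD in allowed:
            effective = needed - denied
        else:
            effective = (allowed & needed) - denied
        if needed - effective:
            gaps[resource] = sorted(needed - effective)
    return gaps


def make_role(plugin_data_verbs):
    """Constructed sample role (hypothetical name, not copied from the docs)."""
    return {"kind": "role", "metadata": {"name": "example-plugin-role"},
            "spec": {"allow": {"rules": [
                {"resources": ["access_request"], "verbs": ["list", "read", "update"]},
                {"resources": ["access_plugin_data"], "verbs": plugin_data_verbs}]}}}

UPDATE_ONLY = make_role(["update"])          # the role shape the review flagged
FIXED = make_role(["list", "read", "update"])  # after adding list and read
if __name__ == "__main__":
    print("update-only:", missing_verbs(UPDATE_ONLY), "fixed:", missing_verbs(FIXED))
```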
579673e to 4b89c8a
Need to cherry-pick this PR once it merges to resolve the Codex feedback:
Backport #65190 to branch/v18