Skip to content

ROX-29006: don't enforce project scope for google registries#14864

Merged
stehessel merged 3 commits intomasterfrom
feat/do-not-scope-google-registry-by-project
May 28, 2025
Merged

ROX-29006: don't enforce project scope for google registries#14864
stehessel merged 3 commits intomasterfrom
feat/do-not-scope-google-registry-by-project

Conversation

@stehessel
Copy link
Collaborator

@stehessel stehessel commented Apr 3, 2025
edited
Loading

Description

Don't enforce a project scope for google registries. The reason is that in setups with many different projects, it is cumbersome to create an integration per project. Instead, it may be more efficient to set proper access permissions on the GCP side, and then allow matching for all projects. This way a single integration may cover multiple projects.

User-facing documentation

  • CHANGELOG is updated OR update is not needed
  • documentation PR is created and is linked above OR is not needed

Testing and quality

  • the change is production ready: the change is GA or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  • Created service account in project A.
  • Pushed image to artifact registry in project B.
  • Gave access to service account to registry in project B.
  • Scan image using the image integration.

@openshift-ci
Copy link

openshift-ci bot commented Apr 3, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@rhacs-bot
Copy link
Contributor

rhacs-bot commented Apr 3, 2025
edited
Loading

Images are ready for the commit at 6982118.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.8.x-806-g6982118e95.

@codecov
Copy link

codecov bot commented Apr 3, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.21%. Comparing base (b45483f) to head (6982118).
Report is 22 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #14864   +/-   ##
=======================================
  Coverage   49.21%   49.21%           
=======================================
  Files        2577     2577           
  Lines      189101   189101           
=======================================
+ Hits        93068    93073    +5     
+ Misses      88695    88692    -3     
+ Partials     7338     7336    -2
Flag Coverage Δ
go-unit-tests 49.21% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@stehessel stehessel force-pushed the feat/do-not-scope-google-registry-by-project branch from ab1def5 to 61b5f19 Compare April 3, 2025 14:13
@stehessel stehessel marked this pull request as ready for review April 4, 2025 10:21
@stehessel stehessel requested review from a team as code owners April 4, 2025 10:21
@stehessel stehessel force-pushed the feat/do-not-scope-google-registry-by-project branch from 61b5f19 to 12df960 Compare April 4, 2025 12:11
RTann
RTann approved these changes Apr 4, 2025
View reviewed changes
Copy link
Contributor

@RTann RTann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from backend perspective

@stehessel stehessel force-pushed the feat/do-not-scope-google-registry-by-project branch 2 times, most recently from 3e516a4 to dac0124 Compare April 6, 2025 17:48
@stehessel stehessel changed the title feat: don't enforce project scope for google registries ROX-29006: don't enforce project scope for google registries Apr 16, 2025
@stehessel stehessel force-pushed the feat/do-not-scope-google-registry-by-project branch from dac0124 to cba325d Compare April 16, 2025 16:31
@stehessel stehessel force-pushed the feat/do-not-scope-google-registry-by-project branch from cba325d to 6982118 Compare May 26, 2025 12:55
@stehessel stehessel merged commit f56e583 into master May 28, 2025
93 checks passed
@stehessel stehessel deleted the feat/do-not-scope-google-registry-by-project branch May 28, 2025 08:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@RTann RTann RTann approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area/ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stehessel @rhacs-bot @RTann