feat(report,operator): add support for least-privilege access by armru · Pull Request #8982 · cloudnative-pg/cloudnative-pg
label
Oct 28, 2025
armru
changed the title
feat(report,operator): support namespace-scoped access
feat(report,operator): reduce required permissions to run
armru
changed the title
feat(report,operator): reduce required permissions to run
feat(report,operator): reduce the required permissions to run
armru
changed the title
feat(report,operator): reduce the required permissions to run
feat(report): enable least-privilege access for report operator command
armru
changed the title
feat(report): enable least-privilege access for report operator command
feat(plugin,report): enable least-privilege access for report operator command
and removed size:L
This PR changes 100-499 lines, ignoring generated files.labels
Oct 28, 2025
armru
changed the title
feat(plugin,report): enable least-privilege access for report operator command
feat(report,operator): support least-privilege access
armru
changed the title
feat(report,operator): support least-privilege access
feat(report,operator): add support for least-privilege access
and removed size:XL
This PR changes 500-999 lines, ignoring generated files.labels
Oct 29, 2025
Enable `cnpg report operator` to work with namespace-scoped permissions by making cluster-scoped resource collection optional instead of required. The command now gracefully handles permission errors for webhooks, webhook services, and OLM resources by logging warnings and continuing report generation with available data, rather than failing completely. Fixes issue where least-privilege users were blocked from generating troubleshooting reports due to missing cluster-level permissions for webhook and OLM resources. Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
and removed size:L
This PR changes 100-499 lines, ignoring generated files.labels
Nov 6, 2025This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters