app top level run as exclude#5714
Conversation
bundle: allow apps alongside top-level run_as; apps ignore the setting ## Changes - Remove the validation error that blocked bundles with app resources from having a top-level `run_as` identity configured. - Apps are not mutated by run_as (the API does not support it), so having run_as in the bundle is valid — the setting is simply skipped. - Add unit tests confirming apps are not mutated and can coexist with jobs that do get run_as applied. - Add acceptance test covering a bundle with an app and a service principal run_as identity. ## Why The previous validation was too strict: it rejected a valid configuration where a user wants run_as on their jobs/pipelines and also has an app in the same bundle. The app just ignores run_as, so there's no reason to block the bundle from validating. ## Tests New unit tests in run_as_test.go and acceptance test in acceptance/bundle/run_as/app_different/.
|
An authorized user can trigger integration tests manually by following the instructions below: Trigger: Inputs:
Checks will be approved automatically on success. |
Approval status: pending
|
1 participant
bundle: allow apps alongside top-level run_as; apps ignore the setting
Changes
from having a top-level
run_asidentity configured.having run_as in the bundle is valid — the setting is simply skipped.
jobs that do get run_as applied.
principal run_as identity.
Why
The previous validation was too strict: it rejected a valid
configuration where a user wants run_as on their jobs/pipelines and
also has an app in the same bundle. The app just ignores run_as, so
there's no reason to block the bundle from validating.
Solves Issue #5091
Tests
New unit tests in run_as_test.go and acceptance test in
acceptance/bundle/run_as/app_different/.