Revert "chore: add creation date label to GCP IAM policy bindings (#2… by stehessel · Pull Request #21136 · stackrox/stackrox · GitHub
Skip to content

Revert "chore: add creation date label to GCP IAM policy bindings (#2…#21136

Merged
stehessel merged 2 commits into
masterfrom
revert/gcp-iam-binding-condition-creation-date
Jun 15, 2026
Merged

Revert "chore: add creation date label to GCP IAM policy bindings (#2…#21136
stehessel merged 2 commits into
masterfrom
revert/gcp-iam-binding-condition-creation-date

Conversation

@stehessel

@stehessel stehessel commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

…1110)"

This reverts commit 28cf6a9.

Description

Unfortunately gcloud has a (unknown to me) built-in security check, which enforces that if a service account binding with a condition exists, then other bindings without condition can no longer be created unless --condition=None is specified. This is a problem for us because it breaks the existing code on release branches. So before introducing such a condition, we first need to bulletproof the existing code on release branches to make it forward compatible.

Example error:

(gcloud.iam.service-accounts.add-iam-policy-binding) Adding a binding without specifying a condition to a policy containing conditions is prohibited in non-interactive mode. Run the command again with `--condition=None`

Note: This PR has two commits. The first is the revert, the second is adding --condition=None to make sure CI passes.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

change me!

@stehessel stehessel requested a review from janisz as a code owner June 15, 2026 12:38
@stehessel stehessel requested a review from tommartensen June 15, 2026 12:39
@coderabbitai

coderabbitai Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

@github-actions

github-actions Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🚀 Build Images Ready

Images are ready for commit a577e37. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.12.x-193-ga577e371b6

@stehessel stehessel mentioned this pull request Jun 15, 2026
Merged
9 tasks
@stehessel

stehessel commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator Author

This was referenced Jun 15, 2026
Merged
Merged
@stehessel stehessel merged commit a577e37 into master Jun 15, 2026
97 of 99 checks passed
@stehessel stehessel deleted the revert/gcp-iam-binding-condition-creation-date branch June 15, 2026 18:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tommartensen tommartensen tommartensen approved these changes
@janisz janisz Awaiting requested review from janisz janisz is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stehessel @tommartensen