88c34c24ba
Caught live on omantel after Fix #19 (#1208) restored /environments/{env}/policy: environmentpolicies.catalyst.openova.io is forbidden: User "system:serviceaccount:catalyst-system:catalyst-api-cutover-driver" cannot list resource environmentpolicies in API group catalyst.openova.io Slice X (#1147) shipped the policy-mode toggle handler. Slice B5 (#1108) shipped the EnvironmentPolicy CRD. Neither slice updated the cutover-driver ClusterRole. Fix #19's handler restoration surfaced the gap end-to-end. Per feedback_chroot_in_cluster_fallback.md: every new GVR added to catalyst-api dynamic-client paths MUST get matching ClusterRole rules in the same PR. Same pattern as PRs #1173/#1179. Live: applied on omantel via kubectl patch + verified TC-101 PUT /environments/test-env/policy returns HTTP 200 with full contract body. Co-authored-by: hatiyildiz <hati.yildiz@openova.io> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| axon | ||
| catalyst | ||
| continuum | ||
| cortex | ||
| dmz-vcluster | ||
| fabric | ||
| fingate | ||
| relay | ||