added permission check for secrets (#14)

* added permission check for secrets * typo in subresource * moved auth check to the command receiver
2025-12-17 10:16:44 +00:00 · 2022-06-15 14:54:50 +02:00
parent 8ea57170d8
commit de4553f25a
4 changed files with 23 additions and 53 deletions
--- a/packages/k8s/src/hooks/cleanup-job.ts
+++ b/packages/k8s/src/hooks/cleanup-job.ts
@@ -1,6 +1,5 @@
-import { pruneSecrets, prunePods } from '../k8s'
+import { prunePods, pruneSecrets } from '../k8s'

 export async function cleanupJob(): Promise<void> {
-  await prunePods()
-  await pruneSecrets()
+  await Promise.all([prunePods(), pruneSecrets()])
 }
--- a/packages/k8s/src/hooks/prepare-job.ts
+++ b/packages/k8s/src/hooks/prepare-job.ts
@@ -6,11 +6,8 @@ import path from 'path'
 import {
  containerPorts,
  createPod,
-  isAuthPermissionsOK,
  isPodContainerAlpine,
-  namespace,
  prunePods,
-  requiredPermissions,
  waitForPodPhases
 } from '../k8s'
 import {
@@ -30,13 +27,6 @@ export async function prepareJob(
  }

  await prunePods()
-  if (!(await isAuthPermissionsOK())) {
-    throw new Error(
-      `The Service account needs the following permissions ${JSON.stringify(
-        requiredPermissions
-      )} on the pod resource in the '${namespace}' namespace. Please contact your self hosted runner administrator.`
-    )
-  }
  await copyExternalsToRoot()
  let container: k8s.V1Container | undefined = undefined
  if (args.container?.image) {