Create a separate group with etcd admin access

[serathius]

I'm working on Antithesis integration as proposed in etcd-io/etcd#19299.

We would like to setup a github workflow that calls a third party service with credentials. This should be doable by setting up a secret in github actions as described in https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions. At the moment no etcd maintainer has permissions to do that.

I get permission I copied the the etcd-operator-admins group and I would like to give admin access to SIG etcd leads.
Can be temporary just for the secret setup.

/cc @ahrtr @jmhbnz @ivanvc @wenjiaswe

[ahrtr]

/lgtm
/approve

Can be temporary just for the secret setup.

Do you mean the team etcd-admins will be removed once it isn't needed anymore (e.g. after the secret setup is done)?

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahrtr, serathius

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• config/etcd-io/sig-etcd/OWNERS [ahrtr,serathius]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ahrtr]

Oh, I should hold the PR until other maintainers review :(

[jmhbnz]

Just a note to confirm it is intentional that from a day to day perspective we operate without admin privilege on repositories.

When situations like this pop up where we require admin we historically have just temporarily bumped the permissions for maintainers-etcd group to move it from maintain ---> admin and then revert the commit once neccessary changes are complete. Example is: #5360

No issues with this pr - let's just revert the new group once any necessary changes to enable Antithesis integration have wrapped up and return to our least privilege operating principle.