Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bind Emergency and Manual Groups same as PowerUser #2358

Merged
merged 2 commits into from
Jul 29, 2019
Merged

Bind Emergency and Manual Groups same as PowerUser #2358

merged 2 commits into from
Jul 29, 2019

Conversation

mikkeloscar
Copy link
Contributor

Binds Emergency and Manual Groups same way as PowerUser since they are defined to have the same permissions.

This is currently done in the auth webhook, but we should migrate to RBAC to fix blacklist/whitelist bugs in the auth webhook.

@mikkeloscar
Bind Emergency and Manual Groups same as PowerUser
cee8195 
Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
@mikkeloscar
Update webhook to block escalate
015400f 
Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
@mikkeloscar
Copy link
Contributor Author

👍

aryszka
aryszka reviewed Jul 29, 2019
View reviewed changes
test/e2e/authorisation_test.go
}
}`,
expect: expect{
status: http.StatusCreated,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just curious: why are we using 201, when the request was rejected?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is how the AccessReview API works. You "create" a review request 201 and then the response is whether the user would have access to perform that action or not.

@aryszka
Copy link
Contributor

aryszka commented Jul 29, 2019

👍

@mikkeloscar mikkeloscar merged commit 36e0b5d into dev Jul 29, 2019
@mikkeloscar mikkeloscar deleted the manual-emergency-rbac branch July 29, 2019 09:49
This was referenced Jul 29, 2019
Merged
Merged
@zalando-teapot-robot zalando-teapot-robot mentioned this pull request Jul 30, 2019
Merged
mikkeloscar added a commit that referenced this pull request Jul 30, 2019
@mikkeloscar
Allow cdp service account to escalate
f85b196 
Partly revert of #2358 to allow only `cdp` service account to `escalate`

Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
@mikkeloscar mikkeloscar mentioned this pull request Jul 30, 2019
Merged
@zalando-teapot-robot zalando-teapot-robot mentioned this pull request Jul 30, 2019
Merged
aermakov-zalando pushed a commit that referenced this pull request Aug 1, 2019
@mikkeloscar @aermakov-zalando
Allow cdp service account to escalate
f03641c 
Partly revert of #2358 to allow only `cdp` service account to `escalate`

Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
@aermakov-zalando aermakov-zalando mentioned this pull request Aug 1, 2019
Merged
aermakov-zalando added a commit that referenced this pull request Aug 1, 2019
@aermakov-zalando
Merge pull request #2390 from zalando-incubator/cherry-pick-to-alpha
d2a00c5 
Cherry-pick #2358 to alpha
This was referenced Aug 1, 2019
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aryszka aryszka aryszka left review comments

Assignees
No one assigned
Labels
merged/alpha merged/beta merged/kube-1.14 merged/stable
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikkeloscar @aryszka @zalando-teapot-robot