Skip to content

Apply request.kubernetes_resources allow/deny settings when querying for kube resources#48196

Merged
kimlisa merged 3 commits intomasterfrom
lisa/add-request-type-check
Nov 4, 2024
Merged

Apply request.kubernetes_resources allow/deny settings when querying for kube resources#48196
kimlisa merged 3 commits intomasterfrom
lisa/add-request-type-check

Conversation

@kimlisa
Copy link
Copy Markdown
Contributor

@kimlisa kimlisa commented Oct 31, 2024
edited
Loading

part of #46742

addresses review comment on #47173 (review)

Now, when user query for kube resources, when going through search as roles, ensure that request.kubernetes_resources allow and deny settings are respected for the requested kube resource kind. If no roles matched, the query request will return a access denied error

@kimlisa kimlisa requested review from nklaassen and tigrato October 31, 2024 08:18
@kimlisa kimlisa removed the request for review from gabrielcorado October 31, 2024 08:19
@kimlisa kimlisa force-pushed the lisa/add-request-type-check branch from b243c2f to 70c6e05 Compare October 31, 2024 08:20
@kimlisa kimlisa force-pushed the lisa/add-request-mode-role-option branch from b98a970 to 51998b5 Compare October 31, 2024 15:50
@kimlisa kimlisa force-pushed the lisa/add-request-type-check branch from 70c6e05 to d587dea Compare October 31, 2024 15:51
nklaassen
nklaassen reviewed Oct 31, 2024
View reviewed changes
Comment thread lib/services/role.go Outdated
@kimlisa kimlisa force-pushed the lisa/add-request-mode-role-option branch 2 times, most recently from d69b2f5 to f8dc68e Compare November 1, 2024 00:07
Base automatically changed from lisa/add-request-mode-role-option to master November 1, 2024 04:05
@kimlisa kimlisa force-pushed the lisa/add-request-type-check branch from d587dea to c97e134 Compare November 1, 2024 09:06
@kimlisa kimlisa requested a review from nklaassen November 1, 2024 09:08
nklaassen
nklaassen reviewed Nov 1, 2024
View reviewed changes
Comment thread lib/services/role.go
Comment thread lib/services/role.go Outdated
@kimlisa kimlisa force-pushed the lisa/add-request-type-check branch from 565c6e2 to a4fe48c Compare November 1, 2024 19:27
@kimlisa kimlisa requested a review from nklaassen November 1, 2024 19:36
@kimlisa kimlisa added the no-changelog Indicates that a PR does not require a changelog entry label Nov 4, 2024
@kimlisa kimlisa enabled auto-merge November 4, 2024 17:07
@kimlisa kimlisa added this pull request to the merge queue Nov 4, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Nov 4, 2024
@kimlisa kimlisa added this pull request to the merge queue Nov 4, 2024
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Nov 4, 2024
@kimlisa kimlisa enabled auto-merge November 4, 2024 17:49
@kimlisa kimlisa added this pull request to the merge queue Nov 4, 2024
Merged via the queue into master with commit 65b65f8 Nov 4, 2024
@kimlisa kimlisa deleted the lisa/add-request-type-check branch November 4, 2024 18:31
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Nov 4, 2024

@kimlisa See the table below for backport results.

Branch Result
branch/v16 Create PR
branch/v17 Create PR

This was referenced Nov 4, 2024
Merged
Closed
kimlisa added a commit that referenced this pull request Nov 4, 2024
@kimlisa
Apply request.kubernetes_resources allow/deny settings when querying …
e7cb2e2 
…for kube resources (#48196)

* Apply request.kubernetes_resources allow/deny when querying for kube resources

* Address CR
@kimlisa kimlisa mentioned this pull request Nov 4, 2024
Merged
kimlisa added a commit that referenced this pull request Nov 5, 2024
@kimlisa
Apply request.kubernetes_resources allow/deny settings when querying …
2e1fc23 
…for kube resources (#48196)

* Apply request.kubernetes_resources allow/deny when querying for kube resources

* Address CR
github-merge-queue Bot pushed a commit that referenced this pull request Nov 6, 2024
@kimlisa
[v16] Add a new role.allow.request field called kubernetes_resources (
fa25dd5 
#48387)

* Add a new `role.allow.request` field called `kubernetes_resources` (#47173)

* Add a new role.allow.request field called kubernetes_resources

* Fix lint: update terraform docs

* Apply request.kubernetes_resources allow/deny settings when querying for kube resources (#48196)

* Apply request.kubernetes_resources allow/deny when querying for kube resources

* Address CR

* Replace unsupported library funcs

* Add missing role conditions getter
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tigrato tigrato tigrato approved these changes

@nklaassen nklaassen nklaassen approved these changes

Assignees

No one assigned

Labels

backport/branch/v17 kubernetes-access no-changelog Indicates that a PR does not require a changelog entry size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kimlisa @tigrato @nklaassen