enable personal subject access review #1186
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
@ncdc fyi, this is part of what would enable the registry to check access, given an auth token |
deads2k
force-pushed
the
deads-personal-subject-access-review
branch
from
7e12e70 to
c628db6
Compare
Contributor
Author
|
rebased. |
deads2k
force-pushed
the
deads-personal-subject-access-review
branch
from
c628db6 to
c2cc675
Compare
Contributor
|
Rebase again |
deads2k
force-pushed
the
deads-personal-subject-access-review
branch
from
c2cc675 to
9b9bc0a
Compare
Contributor
Author
|
rebased again. |
Contributor
Author
There was a problem hiding this comment.
If the names match, then conversions get crazy as automatic attempts are made to map unlike types in defaultconversions. Different names allows stock usage of default conversion and makes any lapses in proper overlapping leap out during unit tests.
Contributor
Author
|
comments addressed. |
Contributor
There was a problem hiding this comment.
please, let us have a variable named "HomeSlice" at some point
deads2k
force-pushed
the
deads-personal-subject-access-review
branch
from
69a4341 to
5b57b99
Compare
Contributor
|
LGTM, I know @pravisankar is waiting on this |
Contributor
Author
|
[merge] |
Contributor
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_openshift3/1126/) (Image: devenv-fedora_985) |
Contributor
|
Evaluated for origin up to 5b57b99 |
openshift-bot
pushed a commit
that referenced
this pull request
Mar 5, 2015
…eview Merged by openshift-bot
jboyd01
pushed a commit
to jboyd01/origin
that referenced
this pull request
Sep 20, 2017
…service-catalog/' changes from ae6b643caf..50e234de83 50e234de83 origin build: add origin tooling 092d7f8 Fix typos and resource names in walkthrough e2e logs (openshift#1237) d25bd11 Archive the old agenda doc, link to new one (openshift#1243) 6192d14 fix lint errors (openshift#1242) d103dad Fix lint errors and regenerate openapi (openshift#1238) e9328d3 Broker Relist (openshift#1183) b0f3222 Correct the reasons and messages set on the ready condition during async polling (openshift#1235) d2bb82f Re-enable the href checker (openshift#1232) 2c29654 Use feature gates in controller-manager (openshift#1231) 699eab9 switch build to go1.9 (openshift#1155) 7529ed8 broker resource secret authorization checking (openshift#1186) 50d9bdf v0.0.20 chart updates (openshift#1228) REVERT: ae6b643caf Use oc adm instead of oadm which might not exist in various installations. REVERT: 66a4eb2a2c Update instructions... will remove once documented elsewhere REVERT: 1b704d1530 replace build context setup with init containers REVERT: ee4df18c7f hack/lib: dedup os::util::host_platform and os::build::host_platform REVERT: 1cd6dfa998 origin: Switch out owners to Red Hatters REVERT: 664f4d318f Add instructions for syncing repos REVERT: 2f2cdd546b origin-build: delete files with colon in them REVERT: cdf8b12848 origin-build: don't build user-broker REVERT: ebfede9056 origin build: add _output to .gitignore REVERT: 55412c7e3d origin build: make build-go and build-cross work REVERT: 68c74ff4ae origin build: modify hard coded path REVERT: 3d41a217f6 origin build: add origin tooling git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog git-subtree-split: 50e234de836b5e7c9e3d7d763847b99a0f0ea500
jboyd01
pushed a commit
to jboyd01/origin
that referenced
this pull request
Sep 21, 2017
…service-catalog/' changes from ae6b643caf..06b897d198 06b897d198 origin build: add origin tooling 092d7f8 Fix typos and resource names in walkthrough e2e logs (openshift#1237) d25bd11 Archive the old agenda doc, link to new one (openshift#1243) 6192d14 fix lint errors (openshift#1242) d103dad Fix lint errors and regenerate openapi (openshift#1238) e9328d3 Broker Relist (openshift#1183) b0f3222 Correct the reasons and messages set on the ready condition during async polling (openshift#1235) d2bb82f Re-enable the href checker (openshift#1232) 2c29654 Use feature gates in controller-manager (openshift#1231) 699eab9 switch build to go1.9 (openshift#1155) 7529ed8 broker resource secret authorization checking (openshift#1186) 50d9bdf v0.0.20 chart updates (openshift#1228) REVERT: ae6b643caf Use oc adm instead of oadm which might not exist in various installations. REVERT: 66a4eb2a2c Update instructions... will remove once documented elsewhere REVERT: 1b704d1530 replace build context setup with init containers REVERT: ee4df18c7f hack/lib: dedup os::util::host_platform and os::build::host_platform REVERT: 1cd6dfa998 origin: Switch out owners to Red Hatters REVERT: 664f4d318f Add instructions for syncing repos REVERT: 2f2cdd546b origin-build: delete files with colon in them REVERT: cdf8b12848 origin-build: don't build user-broker REVERT: ebfede9056 origin build: add _output to .gitignore REVERT: 55412c7e3d origin build: make build-go and build-cross work REVERT: 68c74ff4ae origin build: modify hard coded path REVERT: 3d41a217f6 origin build: add origin tooling git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog git-subtree-split: 06b897d1988a5a3c035c5a971c15b97cbc732918
jpeeler
pushed a commit
to jpeeler/origin
that referenced
this pull request
Feb 1, 2018
* Implement admission controller for broker SAR This adds a subject access review check to ensure that the brokers authentication secret is allowed access for a given user. * Wire SAR admission controller into apiserver and helm
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
adds
Keep in my that default policy doesn't allow subject access reviews for self. We need find grained policy controls before that is possible
@liggitt supercedes #1180