add resourceName to policy #991
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
deads2k
force-pushed
the
deads-make-user-tilde-work
branch
from
8558428 to
32d9fd0
Compare
pkg/authorization/api/types.go
Outdated
Contributor
There was a problem hiding this comment.
any reason we can't use all []string or StringSet?
Contributor
Author
There was a problem hiding this comment.
any reason we can't use all []string or StringSet?
Task for a different pull? I do want to do it, but it wasn't related to this change.
Contributor
There was a problem hiding this comment.
json tag, probably with omitempty?
Contributor
Author
There was a problem hiding this comment.
json tag, probably with omitempty?
You suggested leaving the off the in-memory types and same reason as above for not stripping all of them.
Contributor
There was a problem hiding this comment.
nm, missed this was the internal one. remove the other json tags in that case
Contributor
Author
|
Comments addressed. |
deads2k
force-pushed
the
deads-make-user-tilde-work
branch
from
e86536a to
5d44753
Compare
Contributor
There was a problem hiding this comment.
not sure I understand the implications of removing this... with the new requestinforesolver, are we handling non-resource urls now?
Contributor
There was a problem hiding this comment.
Yeah, we need to prove that all URLs covered by authorizationFilter can be unauthenticated. Also, this really needs to be worked into the definition of the resources in api_installer (rather than orthogonal).
Contributor
There was a problem hiding this comment.
nm, I see ErrNoStandardParts went away
Contributor
Author
There was a problem hiding this comment.
insecure urls are registered separately now.
deads2k
force-pushed
the
deads-make-user-tilde-work
branch
from
5d44753 to
a03037d
Compare
Contributor
|
LGTM |
deads2k
force-pushed
the
deads-make-user-tilde-work
branch
from
a03037d to
c309a67
Compare
deads2k
force-pushed
the
deads-make-user-tilde-work
branch
from
c309a67 to
f170701
Compare
Contributor
|
[merge] |
Contributor
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_openshift3/907/) (Image: devenv-fedora_779) |
Contributor
|
Evaluated for origin up to f170701 |
openshift-bot
pushed a commit
that referenced
this pull request
Feb 12, 2015
Merged by openshift-bot
jpeeler
pushed a commit
to jpeeler/origin
that referenced
this pull request
Aug 10, 2017
…service-catalog/' changes from 568a7b9..8f07b7b 8f07b7b origin: add required patches ee57bfb Cleanup of ups broker example + making controller follow the OSB API (openshift#807) 45a11ed Revert "Rename our resources to have ServiceCatalog prefix (openshift#1054)" (openshift#1061) 4e47ec1 Rename our resources to have ServiceCatalog prefix (openshift#1054) 2bb334a Rebase on 1.7 API machinery (openshift#944) 5780b59 Run broker reconciler when spec is changed. (openshift#1026) 9c22d04 Merge branch 'pr/1006' d077915 check number of expected events before dereferencing to avoid panic (openshift#1052) 90d615f Merge branch 'pr/1055' bb6d6d8 fix log output to use formatted output (openshift#1056) c7abc81 Adding examples to the README ccc93c9 Remove different-org rule for LGTM (openshift#1050) be04cd5 Allow for a period in the GUID of the External ID (openshift#1034) 8c246df Make it so that binding.spec.secretName defaults to binding name (openshift#851) 6745418 Bump OSB Client (openshift#1049) 8346a0d apiserver etcd healthcheck as suggested to address k/k#48215 (openshift#1039) 11d0d4a use GKE's latest 1.6.X cluster version for Jenkins (openshift#1036) 7d71b5b Cross-build all the things! 8ec0874 RBAC setup behind the aggregator. (openshift#936) 0864a2e Upsert retry loop for Secret, set/check ownerReference for Secret owned by Binding (openshift#979) 6be9886 add info about weekly calls (openshift#1027) a242b26 add OSB API Header version flag (openshift#1014) 66e2ce6 Update REVIEWING doc with changes to LGTM process (openshift#1016) 699e016 Writing the returned progress description from the broker (openshift#998) 02642f4 Adding target to test on the host (openshift#1020) 78ca572 v0.0.13 (openshift#1024) 9e79ec2 use GKE's default K8S version for Jenkins (openshift#1023) d3c915a Fix curl on API server start error (openshift#1015) b50be75 Merge branch 'pr/1013' 2c98ba1 Using tag URLs 687f091 Parameterizing the priority fields 34ed5cd update apiregistration yaml to v1.7 final (openshift#1011) 91fa1ad make e2e look for pods' existence before checking status (openshift#1012) 0f90705 explicitly disable leader election if it is not enabled (openshift#965) f5761e7 controller-manager health checks (openshift#694) da260f2 Add logging for normal Unbind errors (openshift#992) 4c916a5 make the apiserver test use tls (openshift#991) 1a62ecc refactor reconcileBroker (openshift#986) cc179bc Add logging for normal Bind errors (openshift#993) a1458dd add parameterization for user-broker image to e2e tests (openshift#995) fb15891 Bump OSB client (openshift#1000) 79d5206 v0.0.12 (openshift#996) 39c7407 Merge branch 'pr/975' a553b2d Merge branch 'pr/974' d573339 reconcileBinding error checking (openshift#973) 39a1061 Making events and actions checks generic (openshift#960) 73136a4 Bump osb client (openshift#971) 878a987 reconcileInstance error checking in unit-tests 4991d57 reconcileBroker error checking in unit-tests 9ed6812 Extract methods for binding test setup (openshift#961) b69a1ee Make ups-broker return valid unbind response (openshift#964) 8b37d2f Releasing 0.0.11 (openshift#962) 52fec8b Merge branch 'pr/954' d49cdeb Swap client 445fa71 Add dependency on pmorie/go-open-service-broker-client 9f743b2 Instructions for enabling API Aggregation (openshift#895) 512508d Use correct infof calls in controller_manager (openshift#950) 77943ba fix regex that determines if a tag is deployable (openshift#947) 8a226b8 Updates for v0.0.10 release (openshift#943) REVERT: 568a7b9 origin build: add origin tooling git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog git-subtree-split: 8f07b7bbf3acb2b557f23596a92b5e775ae9321c
jpeeler
pushed a commit
to jpeeler/origin
that referenced
this pull request
Feb 1, 2018
- kubectl was hardcoded to use http
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bug 1191851
Adds the ability to specify policy based on ResourceName. ResourceNames is optional, if you do not specify it, then a user has access to all names.
@liggitt