Skip to content

Commit

Permalink
Change the SAR explanation in the webhook
Browse files Browse the repository at this point in the history 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
  • Loading branch information
@JoshVanL
JoshVanL committed May 17, 2021
1 parent bc0f822 commit 7394d8d
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions design/20190708.certificate-request-crd.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -274,9 +274,10 @@ rules:
These permissions are enforced using a
[SubjectAccessReview](https://github.com/kubernetes/kubernetes/blob/b11d0fbdd58394a62622787b38e98a620df82750/pkg/apis/authorization/types.go#L27)
that is performed in the cert-manager Webhook component when a user attempts to
set the Approve or Denied condition. The user of the approver is tested along
with the IssuerRef of the CertificateRequest.
that is requested by the cert-manager Webhook component when an approver
attempts to set the Approve or Denied condition. The approver UserInfo and
IssuerRef fields on the CertificateRequest are used to build the
SubjectAccessReview.
If the approver does not have sufficient permissions defined above to set the
Approved or Denied conditions, the request will be rejected by the cert-manager
Expand Down

0 comments on commit 7394d8d

Please sign in to comment.