add local subject access review API #32407

Merged Sep 14, 2016 (2 commits)

deads2k (Contributor) commented Sep 9, 2016

Adds a local subject access review endpoint to allow a project-admin (someone with full rights within a namespace) the power to inspect whether a person can perform an action in his namespace. This is a separate resource because factoring like this ensures that it is impossible for him to look outside his namespace and makes it possible to create authorization rules that can restrict this power to a project-admin in his own namespace. Other factorings require introspection of objects.

@kubernetes/sig-auth
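
A simplified model of the namespace scoping described in the PR description above, as an added example that is not code from this pull request or from Kubernetes. The types, the function names, the sample policy and the rule that the review body must name the same namespace as the request path are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model types; none of these names come from the Kubernetes code base.
type Rule struct{ User, Namespace, Verb, Resource string }
type Authorizer struct{ Rules []Rule }
type LocalReview struct{ Namespace, User, Verb, Resource string }
var (
	ErrForbidden = errors.New("caller may not create reviews in this namespace")
	ErrNamespace = errors.New("review namespace must match request namespace")
)

// Allowed decides from request attributes alone; it never reads a request body.
func (a Authorizer) Allowed(user, ns, verb, resource string) bool {
	for _, r := range a.Rules {
		if r == (Rule{user, ns, verb, resource}) {
			return true
		}
	}
	return false
}

// CreateLocalReview models a POST to the namespaced review resource under pathNS.
func CreateLocalReview(a Authorizer, caller, pathNS string, body LocalReview) (bool, error) {
	// The rule check sees only the URL namespace, so a namespaced grant is enough.
	if !a.Allowed(caller, pathNS, "create", "localsubjectaccessreviews") {
		return false, ErrForbidden
	}
	// Assumed enforcement: the body is pinned to the URL namespace.
	if body.Namespace != pathNS {
		return false, ErrNamespace
	}
	return a.Allowed(body.User, body.Namespace, body.Verb, body.Resource), nil
}

// Constructed sample policy: alice is project-admin of team-a only.
var sample = Authorizer{Rules: []Rule{
	{"alice", "team-a", "create", "localsubjectaccessreviews"},
	{"bob", "team-a", "get", "pods"},
	{"bob", "team-b", "get", "secrets"},
}}
func main() {
	fmt.Println(CreateLocalReview(sample, "alice", "team-a", LocalReview{"team-a", "bob", "get", "pods"}))
	fmt.Println(CreateLocalReview(sample, "alice", "team-a", LocalReview{"team-b", "bob", "get", "secrets"}))
	fmt.Println(CreateLocalReview(sample, "alice", "team-b", LocalReview{"team-b", "bob", "get", "secrets"}))
}
```

The grant to alice never mentions the body of the review, which is the property the description contrasts with factorings that require introspection of objects.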



@deads2k added this to the v1.5 milestone Sep 9, 2016
@k8s-github-robot added the kind/api-change, size/XL and release-note-label-needed labels Sep 9, 2016
@deads2k assigned liggitt and unassigned lavalamp Sep 9, 2016
Create(sar *authorizationapi.LocalSubjectAccessReview) (result *authorizationapi.LocalSubjectAccessReview, err error)
}

func (c *localSubjectAccessReviews) Create(sar *authorizationapi.LocalSubjectAccessReview) (result *authorizationapi.LocalSubjectAccessReview, err error) {
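
Review bot: Create on localSubjectAccessReviews takes only sar and no namespace argument, so the signature alone does not show which namespace the review is posted to. Add a doc comment on the interface method stating where the request namespace comes from and what the caller gets back when it differs from the namespace set inside sar, since the namespace boundary is the point of this resource.
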
Review comment from a Member:

you'll need to manually create this for the fake generated client as well, right?

liggitt (Member) commented Sep 9, 2016

surprised there were no doc changes for the endpoint. do we need to hook up api doc generation for this api group?

liggitt (Member) commented Sep 9, 2016

oh, no :)

FAILED   hack/make-rules/../../hack/verify-generated-docs.sh    104s
FAILED   hack/make-rules/../../hack/verify-golint.sh    20s
FAILED   hack/make-rules/../../hack/verify-swagger-spec.sh  107s

deads2k (Contributor, Author) commented Sep 9, 2016

> oh, no :)

Eh, assume I fix up the quibbling generators.

liggitt (Member) commented Sep 9, 2016

LGTM, modulo fake client method and generated bits

@liggitt added the release-note label and removed the release-note-label-needed label Sep 9, 2016
@deads2k added the lgtm label Sep 12, 2016
deads2k (Contributor, Author) commented Sep 12, 2016

Junit didn't report

k8s-github-robot commented

@deads2k
You must link to the test flake issue which caused you to request this manual re-test.
Re-test requests should be in the form of: k8s-bot test this issue: #<number>
Here is the list of open test flakes.

@deads2k added and removed the lgtm label Sep 13, 2016 (two such events)
k8s-bot commented Sep 14, 2016

GCE e2e build/test passed for commit e5dbfda.

k8s-github-robot commented

Automatic merge from submit-queue

@k8s-github-robot merged commit b256b07 into kubernetes:master Sep 14, 2016
k8s-github-robot pushed a commit that referenced this pull request Oct 1, 2016
Automatic merge from submit-queue

Run hack/update-codegen.sh in release-1.4 for generating an updated 1.4 clientset

@caesarxuchao doing steps 1 and 2 as described here #33851 (comment)

adds apps, authentication, certificates, rbac, and storage.

The reason there are substantial deletions (aside from the oneliner "this package is generated by client-gen with arguments...") is because PR #32407 added a resource to the 1.4 clientset even though the resource is not present in 1.4 and the PR is targeted to 1.5. So this corrects that, as a bonus.
@deads2k deleted the authz-01-lsar branch February 1, 2017 17:25