Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow restricting subresource access #29988

Merged
merged 1 commit into from
Aug 3, 2016
Merged

allow restricting subresource access #29988

merged 1 commit into from
Aug 3, 2016
+52 −17

Conversation

deads2k
Copy link
Contributor

@deads2k deads2k commented Aug 3, 2016
edited by k8s-oncall
Loading

Looks like subresource resolution got lost in the port. Adding it back in as "resource/subresource". That allows easy expression of rules and we can later allow something like "*/subresource" to handle cases like the hpa controller.

@kubernetes/sig-auth

This change is Reviewable

@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Aug 3, 2016
@k8s-bot
Copy link

k8s-bot commented Aug 3, 2016

GCE e2e build/test passed for commit 1e7adaa.

@liggitt
Copy link
Member

liggitt commented Aug 3, 2016

LGTM

@deads2k deads2k added lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Aug 3, 2016
@deads2k
Copy link
Contributor Author

deads2k commented Aug 3, 2016

LGTM

remind me about the cherry-pick process. Do I tag it here or in the new pull?

@liggitt
Copy link
Member

liggitt commented Aug 3, 2016

set milestone and tag here

@deads2k deads2k added this to the v1.4 milestone Aug 3, 2016
@deads2k deads2k added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. cherrypick-candidate labels Aug 3, 2016
@liggitt liggitt added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Aug 3, 2016
@liggitt
Copy link
Member

liggitt commented Aug 3, 2016

I think if you want to pick to 1.3, needs 1.3 milestone, which is weird

@liggitt
Copy link
Member

liggitt commented Aug 3, 2016

needs release note

@deads2k deads2k modified the milestones: v1.3, v1.4 Aug 3, 2016
@liggitt liggitt assigned liggitt and unassigned erictune Aug 3, 2016
@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Aug 3, 2016

GCE e2e build/test passed for commit 1e7adaa.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 3eab996 into kubernetes:master Aug 3, 2016
@deads2k deads2k mentioned this pull request Aug 3, 2016
Merged
@fabioy fabioy added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Aug 10, 2016
@fabioy
Copy link
Contributor

fabioy commented Aug 10, 2016

Cherrypick approved. Thanks.

k8s-github-robot pushed a commit that referenced this pull request Aug 11, 2016
Merge pull request #30001 from deads2k/backport-subresources
df18fab 
Automatic merge from submit-queue

allow restricting subresource access

Backport of #29988 to properly secure access to subresources.

@kubernetes/sig-auth

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/30001)
<!-- Reviewable:end -->
@k8s-cherrypick-bot
Copy link

Commit found in the "release-1.3" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

@deads2k deads2k deleted the fix-subresource branch September 6, 2016 17:23
shyamjvs pushed a commit to shyamjvs/kubernetes that referenced this pull request Dec 1, 2016
Merge pull request kubernetes#30001 from deads2k/backport-subresources
9568142 
Automatic merge from submit-queue

allow restricting subresource access

Backport of kubernetes#29988 to properly secure access to subresources.

@kubernetes/sig-auth

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/30001)
<!-- Reviewable:end -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@liggitt liggitt

Labels
cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.3
Development

Successfully merging this pull request may close these issues.
8 participants
@deads2k @k8s-bot @liggitt @k8s-github-robot @fabioy @k8s-cherrypick-bot @googlebot @erictune