Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAR tests #4306

Open
deads2k opened this issue Aug 21, 2015 · 5 comments
Open

SAR tests #4306

deads2k opened this issue Aug 21, 2015 · 5 comments
Labels
area/security area/techdebt area/tests component/auth help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/P2 sig/security

Comments

@deads2k
Copy link
Contributor

deads2k commented Aug 21, 2015

Make a full test suite for SAR that covers these with both the current and the backwards compatible endpoints.

Personal LSAR -> allowed by local personal LSAR binding
Personal LSAR -> allowed by global personal LSAR binding
Personal LSAR -> denied by missing LSAR binding

Personal SAR without action.namespace -> allowed by global personal SAR binding
Personal SAR without action.namespace -> denied by missing SAR binding

Personal SAR with action.namespace -> allowed by global personal SAR binding and global personal LSAR binding
Personal SAR with action.namespace -> allowed by global personal SAR binding and local personal LSAR binding
Personal SAR with action.namespace -> denied by global personal SAR binding and missing LSAR binding
Personal SAR with action.namespace -> denied by missing SAR binding

Impersonal LSAR -> allowed by local LSAR binding
Impersonal LSAR -> allowed by global LSAR binding
Impersonal LSAR -> denied by local personal LSAR binding
Impersonal LSAR -> denied by global personal LSAR binding
Impersonal LSAR -> denied by missing LSAR binding

Impersonal SAR without action.namespace -> allowed by global SAR binding
Impersonal SAR without action.namespace -> denied by global personal SAR binding
Impersonal SAR without action.namespace -> denied by missing SAR binding

Impersonal SAR with action.namespace -> allowed by global SAR binding and global LSAR binding
Impersonal SAR with action.namespace -> allowed by global SAR binding and local LSAR binding
Impersonal SAR with action.namespace -> denied by global SAR binding and personal LSAR binding
Impersonal SAR with action.namespace -> denied by global personal SAR binding and LSAR binding
Impersonal SAR with action.namespace -> denied by global SAR binding and missing LSAR binding
Impersonal SAR with action.namespace -> denied by missing SAR binding
@deads2k deads2k mentioned this issue Aug 21, 2015
Merged
@liggitt liggitt self-assigned this Aug 21, 2015
@pweil- pweil- assigned sgallagher and unassigned liggitt Apr 4, 2016
@pweil- pweil- assigned mfojtik and unassigned sgallagher Sep 21, 2016
@mfojtik mfojtik assigned soltysh and unassigned mfojtik Sep 21, 2016
@soltysh soltysh assigned enj and unassigned soltysh Aug 23, 2017
@soltysh
Copy link
Contributor

soltysh commented Aug 23, 2017

@enj I'll leave it up to you to decide whether we still needed or with the upstream RBAC we're ok in which case you can go ahead and close this.

@enj enj added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Aug 23, 2017
@enj
Copy link
Contributor

enj commented Aug 23, 2017

@simo5 at some point we should look into adding coverage for this.

@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 18, 2018
@enj
Copy link
Contributor

enj commented Feb 19, 2018

/lifecycle frozen

@openshift-ci-robot openshift-ci-robot added the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label Feb 19, 2018
@0xmichalis 0xmichalis removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 23, 2018
@enj
Copy link
Contributor

enj commented Oct 16, 2019

/unassign

@stlaz @sttts @mfojtik

@enj enj unassigned simo5 Oct 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security area/techdebt area/tests component/auth help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/P2 sig/security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests