Add missing comment to FleetWorkspacePermissionsResourceRulesFromRole
raulcabello committed Jun 19, 2024
1 parent acc851a commit d2dda9c
Showing 1 changed file with 4 additions and 0 deletions.
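--- a/pkg/auth/globalrole.go
+++ b/pkg/auth/globalrole.go
@@ -69,6 +69,10 @@ func (g *GlobalRoleResolver) ClusterRulesFromRole(gr *v3.GlobalRole) ([]rbacv1.P
 return rules, nil
 }
 
+// FleetWorkspacePermissionsResourceRulesFromRole finds rules which this GlobalRole gives on fleet resources in the workspace backing namespace.
+// This is assuming a user has permissions in all workspaces (including fleet-local), which is not true. That's fine if we
+// use it to evaluate InheritedFleetWorkspacePermissions.ResourceRules. However, it shouldn't be used in a more generic evaluation
+// of permissions on the workspace backing namespace.
 func (g *GlobalRoleResolver) FleetWorkspacePermissionsResourceRulesFromRole(gr *v3.GlobalRole) []rbacv1.PolicyRule {
 for _, name := range adminRoles {
 if gr.Name == name {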
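Review bot: The new doc comment on FleetWorkspacePermissionsResourceRulesFromRole calls its own assumption "not true" but never says in which direction the result is wrong, and that is the part a caller making an authorization decision needs. As worded, the rules appear to be computed as if the role applied in every workspace, fleet-local included, so the result would over-approximate the real grant. I would say so directly and make the restriction explicit, e.g. `// NOTE: the result assumes the role applies in every workspace (fleet-local included) and so over-approximates the real grant;` followed by `// use it only to evaluate InheritedFleetWorkspacePermissions.ResourceRules, never to decide access to a specific workspace backing namespace.` The function body and its callers are outside the hunk, so it cannot be confirmed here that existing uses respect this; a comment is the only guard visible.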
