You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
an extension of #104, now that user impersonation is available, we need to enforce it for users who have direct cluster access.
The admission controller should enforce a users id on razeedeploy resources, unless they are authorized via the kube api to impersonate another user, in which case we will allow them to specify a different user than themselves.
the admission controller should be able to make an api call to kube api, given the user id, ask kube if the user has the required access to do user impersonation. given the response from kube, we either leave the user impersonation field in the razeedeploy resource as is, or update it to the requesting user's id before allowing it to be applied to the cluster.
The text was updated successfully, but these errors were encountered:
an extension of #104, now that user impersonation is available, we need to enforce it for users who have direct cluster access.
The admission controller should enforce a users id on razeedeploy resources, unless they are authorized via the kube api to impersonate another user, in which case we will allow them to specify a different user than themselves.
the admission controller should be able to make an api call to kube api, given the user id, ask kube if the user has the required access to do user impersonation. given the response from kube, we either leave the user impersonation field in the razeedeploy resource as is, or update it to the requesting user's id before allowing it to be applied to the cluster.
The text was updated successfully, but these errors were encountered: