New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(permissions): API permissions model using client token #599
Conversation
0418ce7
to
f06fb0b
Compare
d6e7eff
to
13f35ba
Compare
1e86a20
to
82d5f00
Compare
@ebaron ready for review |
da535f3
to
0679468
Compare
bf2f081
to
dc5b7e7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! I still have some reservations about tying the permissions model to the operator's Kubernetes client. For example, create flightrecorders
isn't currently a valid action for a user to take. This also ends up creating a hard dependency on the operator. I think we can revisit and fine-tune the permissions later on though.
3873b2b
to
57fc328
Compare
I've added a |
d921148
to
a23ace0
Compare
a23ace0
to
95321a6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. I tested it locally with the corresponding changes in the operator. I attempted to log in with a fake token to see what would happen and there was no visual indicator in the UI, but there was a 401 Unauthorized
in the log. I'm not sure if this differs at all from the current behaviour.
The operator changes are pretty much done, just need to add some more tests. I think these PRs should be merged at the same time to prevent breakage.
I believe that's normal, although now that you mention it, there probably should be some indication that the request was made and rejected. |
Fixes #554
Fixes #575