Add saml_idp_service_provider label and label expression to RoleConditions #39039

Merged
merged 11 commits into from
Mar 7, 2024

Conversation

flyinghermit
Contributor

@flyinghermit flyinghermit commented Mar 6, 2024

This PR adds label and label expression types for the saml_idp_service_provider resource in RoleConditions and adds them to the label matchers.

TODO and followups:

  • Update unified resource view to evaluate SAML labels (it currently has an explicit exclusion),
  • Test SAML labels are applied to Access Request,
  • Update Web UI role templates,
  • Test and update SAML IdP authentication flow to check for labels.

Note: no default wildcard label values are assigned to saml_idp_service_provider_labels. I think that's a safe default, and we no longer add such wildcard values for apps, nodes, databases, and Kubernetes resources since Role v4.

@flyinghermit flyinghermit changed the title Role label and label expression for saml_idp_service_provider resource Add saml_idp_service_provider label and label expression to RoleConditions Mar 6, 2024
@flyinghermit flyinghermit marked this pull request as ready for review March 6, 2024 21:56
@flyinghermit flyinghermit added the no-changelog Indicates that a PR does not require a changelog entry label Mar 6, 2024
@github-actions github-actions bot requested review from mdwn and tigrato March 6, 2024 21:57
@flyinghermit
Contributor Author

Note to reviewer: the no-changelog label is set and backport labels are missing since these changes affect RBAC. I will manually backport it once all the TODOs are tested and implemented.

@flyinghermit
Contributor Author

flyinghermit commented Mar 7, 2024

So it seems I need to run make -C integrations/operator manifests; the linter would fail otherwise. I have done that in 22f5288.

Edit: I had to run it again in 2a76097 as the initial make -C integrations/operator manifests did not generate example files.

@flyinghermit
Contributor Author

Test and lint runners are finally green.

@mdwn @tigrato can you please review again? The PR now has new auto-generated CRD files.

@flyinghermit flyinghermit added this pull request to the merge queue Mar 7, 2024
Merged via the queue into master with commit bf50fba Mar 7, 2024
39 checks passed
@flyinghermit flyinghermit deleted the sshah/saml_idp_service_provider_labels branch March 7, 2024 16:33
Labels
no-changelog Indicates that a PR does not require a changelog entry size/sm