Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply request.kubernetes_resources allow/deny settings when querying for kube resources #48196

Merged
merged 3 commits into from
Nov 4, 2024
Merged

Apply request.kubernetes_resources allow/deny settings when querying for kube resources #48196

merged 3 commits into from
Nov 4, 2024
+260 −10

Conversation

kimlisa
Copy link
Contributor

@kimlisa kimlisa commented Oct 31, 2024
edited
Loading

part of #46742

addresses review comment on #47173 (review)

Now, when user query for kube resources, when going through search as roles, ensure that request.kubernetes_resources allow and deny settings are respected for the requested kube resource kind. If no roles matched, the query request will return a access denied error

@kimlisa kimlisa requested review from tigrato and nklaassen October 31, 2024 08:18
@kimlisa kimlisa removed the request for review from gabrielcorado October 31, 2024 08:19
@kimlisa kimlisa force-pushed the lisa/add-request-type-check branch from b243c2f to 70c6e05 Compare October 31, 2024 08:20
@kimlisa kimlisa force-pushed the lisa/add-request-mode-role-option branch from b98a970 to 51998b5 Compare October 31, 2024 15:50
@kimlisa kimlisa force-pushed the lisa/add-request-type-check branch from 70c6e05 to d587dea Compare October 31, 2024 15:51
nklaassen
nklaassen reviewed Oct 31, 2024
View reviewed changes
lib/services/role.go Outdated Show resolved Hide resolved
@kimlisa kimlisa force-pushed the lisa/add-request-mode-role-option branch 2 times, most recently from d69b2f5 to f8dc68e Compare November 1, 2024 00:07
Base automatically changed from lisa/add-request-mode-role-option to master November 1, 2024 04:05
@kimlisa kimlisa force-pushed the lisa/add-request-type-check branch from d587dea to c97e134 Compare November 1, 2024 09:06
@kimlisa kimlisa requested a review from nklaassen November 1, 2024 09:08
nklaassen
nklaassen reviewed Nov 1, 2024
View reviewed changes
lib/services/role.go Outdated Show resolved Hide resolved
lib/services/role.go Outdated Show resolved Hide resolved
@kimlisa kimlisa force-pushed the lisa/add-request-type-check branch from 565c6e2 to a4fe48c Compare November 1, 2024 19:27
@kimlisa kimlisa requested a review from nklaassen November 1, 2024 19:36
@kimlisa kimlisa added the no-changelog Indicates that a PR does not require a changelog entry label Nov 4, 2024
@kimlisa kimlisa enabled auto-merge November 4, 2024 17:07
@kimlisa kimlisa added this pull request to the merge queue Nov 4, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Nov 4, 2024
@kimlisa kimlisa added this pull request to the merge queue Nov 4, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Nov 4, 2024
@kimlisa kimlisa enabled auto-merge November 4, 2024 17:49
@kimlisa kimlisa added this pull request to the merge queue Nov 4, 2024
Merged via the queue into master with commit 65b65f8 Nov 4, 2024
38 of 39 checks passed
@kimlisa kimlisa deleted the lisa/add-request-type-check branch November 4, 2024 18:31
@public-teleport-github-review-bot
Copy link

@kimlisa See the table below for backport results.

Branch Result
branch/v16 Create PR
branch/v17 Create PR

This was referenced Nov 4, 2024
Merged
Closed
kimlisa added a commit that referenced this pull request Nov 4, 2024
@kimlisa
Apply request.kubernetes_resources allow/deny settings when querying …
e7cb2e2 
…for kube resources (#48196)

* Apply request.kubernetes_resources allow/deny when querying for kube resources

* Address CR
@kimlisa kimlisa mentioned this pull request Nov 4, 2024
Merged
kimlisa added a commit that referenced this pull request Nov 5, 2024
@kimlisa
Apply request.kubernetes_resources allow/deny settings when querying …
2e1fc23 
…for kube resources (#48196)

* Apply request.kubernetes_resources allow/deny when querying for kube resources

* Address CR
github-merge-queue bot pushed a commit that referenced this pull request Nov 6, 2024
@kimlisa
[v16] Add a new role.allow.request field called kubernetes_resources (
fa25dd5 
#48387)

* Add a new `role.allow.request` field called `kubernetes_resources` (#47173)

* Add a new role.allow.request field called kubernetes_resources

* Fix lint: update terraform docs

* Apply request.kubernetes_resources allow/deny settings when querying for kube resources (#48196)

* Apply request.kubernetes_resources allow/deny when querying for kube resources

* Address CR

* Replace unsupported library funcs

* Add missing role conditions getter
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nklaassen nklaassen nklaassen approved these changes

@tigrato tigrato tigrato approved these changes

Assignees
No one assigned
Labels
backport/branch/v16 backport/branch/v17 kubernetes-access no-changelog Indicates that a PR does not require a changelog entry size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kimlisa @tigrato @nklaassen