multicloud-operators-subscription icon indicating copy to clipboard operation
multicloud-operators-subscription copied to clipboard

Published 20 hours ago verified publisher icon open-cluster-management-io

Will subscription support permission verification for different users?

Open ivan-cai opened this issue 2 years ago • 1 comments

Sometimes, we want to restrict common users(not admin) from creating some resources such as namespace and clusterole. I have seen that there is annotation "open-cluster-management.io/user-identity" in subscription, but subscription does not check user authorization by SubjectAccessReviews while applying resource. Will subscription support this?

@mikeshng @qiujian16

ivan-cai avatar Jan 12 '23 06:01 ivan-cai

Hi @ivan-cai as shared in Slack, I don't think we will add that feature because we are hoping to migrate our current app subscription users to argocd. So our app subscription is about to enter maintenance mode only. If you are interested in our integration with argocd that will work almost the same as our current app subscription model, please see: https://github.com/open-cluster-management-io/argocd-pull-integration https://github.com/argoproj/argo-cd/issues/11728 https://github.com/argoproj/argo-cd/pull/11879

CC @xiangjingli

mikeshng avatar Jan 12 '23 14:01 mikeshng