Jordan Liggitt

Massive numbers of transitive dependencies (including github.com/hashicorp/go-retryablehttp) required to build

21

#### What happened: Cannot build zeitgeist without pulling in MPL-licensed projects not in the CNCF allowlist. zeitgeist depends on github.com/xanzy/go-gitlab which pulls in github.com/hashicorp/go-retryablehttp which is MPL-licensed and not included...

Cannot extract go version info on minimal/reproducible/stripped binaries built with go1.14+

3

This worked on go1.13: ```sh docker run -it --entrypoint=bash golang:1.13 $ go get -d rsc.io/goversion $ go install -ldflags="-s -w -buildid=" rsc.io/goversion $ goversion `which goversion` ``` > ```sh >...

The new test target is not getting exercised in presubmits yet, and the presubmits only check v1 tests and examples, not v2 Opening this so we don't forget cc @thockin

The following files reference a metadata-only audit policy in order to prevent logging request/response contents for sensitive resources: * https://github.com/raffaelespazzoli/openshift-enablement-exam/blob/master/misc/advanced-audit/advanced-audit-policy_google.yaml A recent Kubernetes [bugfix](https://github.com/kubernetes/kubernetes/pull/102040) means that audit-logging of subresource requests...

Expand Kubernetes examples for multiple categories of CEL use

2

## Feature Description The existing Kubernetes examples in the drop-down are really nice, but CEL is supported in multiple contexts in Kubernetes, which have their own distinct inputs, documentation, and...

Audit policy metadata-only rule should include `serviceaccounts/token` resource

1

The following files reference a metadata-only audit policy in order to prevent logging request/response contents for sensitive resources: * https://github.com/TremoloSecurity/k8s-idm-lab/blob/master/k8s-audit-policy.yaml A recent Kubernetes [bugfix](https://github.com/kubernetes/kubernetes/pull/102040) means that audit-logging of subresource requests...

Transitive dependencies on github.com/hashicorp/go-retryablehttp required to build

8

#### What happened: Cannot build release-sdk commands without pulling in MPL-licensed projects not in the CNCF allowlist. `go mod why github.com/hashicorp/go-retryablehttp` shows this path to github.com/hashicorp/go-retryablehttp which is MPL-licensed and...

Allow authorization webhooks to request SARs in proto format

3

Now that we have structured authorization configuration, a useful option for authorization webhooks would be to receive SARs in proto format for efficiency /kind enhancement /sig auth /assign