origin icon indicating copy to clipboard operation
origin copied to clipboard
verified publisher icon openshift

SAR tests

Open deads2k opened this issue 10 years ago • 5 comments

Make a full test suite for SAR that covers these with both the current and the backwards compatible endpoints.

Personal LSAR -> allowed by local personal LSAR binding
Personal LSAR -> allowed by global personal LSAR binding
Personal LSAR -> denied by missing LSAR binding

Personal SAR without action.namespace -> allowed by global personal SAR binding
Personal SAR without action.namespace -> denied by missing SAR binding

Personal SAR with action.namespace -> allowed by global personal SAR binding and global personal LSAR binding
Personal SAR with action.namespace -> allowed by global personal SAR binding and local personal LSAR binding
Personal SAR with action.namespace -> denied by global personal SAR binding and missing LSAR binding
Personal SAR with action.namespace -> denied by missing SAR binding

Impersonal LSAR -> allowed by local LSAR binding
Impersonal LSAR -> allowed by global LSAR binding
Impersonal LSAR -> denied by local personal LSAR binding
Impersonal LSAR -> denied by global personal LSAR binding
Impersonal LSAR -> denied by missing LSAR binding

Impersonal SAR without action.namespace -> allowed by global SAR binding
Impersonal SAR without action.namespace -> denied by global personal SAR binding
Impersonal SAR without action.namespace -> denied by missing SAR binding

Impersonal SAR with action.namespace -> allowed by global SAR binding and global LSAR binding
Impersonal SAR with action.namespace -> allowed by global SAR binding and local LSAR binding
Impersonal SAR with action.namespace -> denied by global SAR binding and personal LSAR binding
Impersonal SAR with action.namespace -> denied by global personal SAR binding and LSAR binding
Impersonal SAR with action.namespace -> denied by global SAR binding and missing LSAR binding
Impersonal SAR with action.namespace -> denied by missing SAR binding

deads2k avatar Aug 21 '15 15:08 deads2k

@enj I'll leave it up to you to decide whether we still needed or with the upstream RBAC we're ok in which case you can go ahead and close this.

soltysh avatar Aug 23 '17 15:08 soltysh

@simo5 at some point we should look into adding coverage for this.

enj avatar Aug 23 '17 22:08 enj

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar Feb 18 '18 10:02 openshift-bot

/lifecycle frozen

enj avatar Feb 19 '18 18:02 enj

/unassign

@stlaz @sttts @mfojtik

enj avatar Oct 16 '19 15:10 enj