weave-gitops icon indicating copy to clipboard operation
weave-gitops copied to clipboard

Published 20 hours ago verified publisher icon weaveworks

Fixes cluster admin querying

Open foot opened this issue 3 years ago • 2 comments

Closes

What changed?

Why was this change made?

How was this change implemented?

How did you validate the change?

Release notes

Documentation Changes

foot avatar Aug 10 '22 10:08 foot

For reference this is what a SelfSubjectReviews response for cluster-admin looks like:

{
  "metadata": { "creationTimestamp": null },
  "spec": {},
  "status": {
    "resourceRules": [
      {
        "verbs": ["create"],
        "apiGroups": ["authorization.k8s.io"],
        "resources": ["selfsubjectaccessreviews", "selfsubjectrulesreviews"]
      },
      { "verbs": ["*"], "apiGroups": ["*"], "resources": ["*"] }
    ],
    "nonResourceRules": [
      {
        "verbs": ["get"],
        "nonResourceURLs": [
          "/healthz",
          "/livez",
          "/readyz",
          "/version",
          "/version/"
        ]
      },
      {
        "verbs": ["get"],
        "nonResourceURLs": [
          "/api",
          "/api/*",
          "/apis",
          "/apis/*",
          "/healthz",
          "/livez",
          "/openapi",
          "/openapi/*",
          "/readyz",
          "/version",
          "/version/"
        ]
      },
      { "verbs": ["*"], "nonResourceURLs": ["*"] }
    ],
    "incomplete": true,
    "evaluationError": "webhook authorizer does not support user rule resolution"
  }
}

foot avatar Aug 10 '22 13:08 foot

👍 would be great to have this merged, fixes some issues we're having with cluster access

@foot any plans to push this through?

alexandermarston avatar Aug 21 '22 16:08 alexandermarston

Sorry! Got distracted. Will try and wrap this up for the next release

foot avatar Sep 06 '22 16:09 foot