scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-10-30 01:42:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
77d644f2839e767a29507dbf62b59b5d4cefa36e
kubernetes/plugin/pkg
History
Kubernetes Submit Queue 77d644f283 Merge pull request #42245 from deads2k/rbac-06-namespace-leak 
Automatic merge from submit-queue (batch tested with PRs 42126, 42130, 42232, 42245, 41932)

allow subject access review to non-existent namespace

A localsubjectaccessreview is a special kind of resource which can be created even when the namespace doesn't exist.  Since permissions can be granted at different scopes, you can reasonably check if someone *could* do something at a lower scope that isn't there yet.  In addition, the permission to do an access check is separate from the permission to list all namespaces, so we're leaking information.

@liggitt @kubernetes/sig-auth-pr-reviews
2017-03-02 02:07:28 -08:00
..
admission
Merge pull request #42245 from deads2k/rbac-06-namespace-leak
2017-03-02 02:07:28 -08:00
auth
Merge pull request #42259 from deads2k/rbac-07-reconcile-binding
2017-03-01 16:57:51 -08:00
scheduler
Merge pull request #41708 from bsalamat/statefulset_spreading2
2017-02-28 20:16:08 -08:00