Releases: rancher/webhook
Releases · rancher/webhook
v0.5.0-rc9
Remove external-rules feature flag (#414)
v0.4.8-rc1: [v0.4] s4: Fixes 374 (#408)
* [v0.4.6] s4: Fixes 374 (#392) * Update rancher/rancher/pkg/apis dependency * Verify ExternalRules in RoleTemplates If the feature flag external-rules is enabled, the validation for RT follows this sequence: - 1) Reject if externalRules are provided and the user doesn’t have escalate permissions on RoleTemplates. - 2) Validate the policy rules defined in externalRules the same way as the already existing rules field. This validation leverages Kubernetes’ upstream validation. Webhook will validate this only if external is set to true. - 3) Use externalRules for resolving rules if provided. - 4) Use backing ClusterRole in the local cluster if externalRules are not provided. - 5) Reject if externalRules are not provided and there is no backing ClusterRole in the local cluster. For PRTB or CRTB: - 1) Use externalRules for resolving rules if provided. - 2) Use backing ClusterRole in the local cluster if externalRules are not provided. The previous verification process applies if the external-rules feature flag is disabled. * Allow Restricted Admin to update external-rules feature flag (#102) --------- Co-authored-by: Raul Cabello Martin <raulcabm@gmail.com> Co-authored-by: Jonathan Crowther <jonathan.crowther@suse.com> * bump rancher to commit 2145c8e9d6034579caa6279856c59679f1102cf3 --------- Co-authored-by: Peter Matseykanets <peter.matseykanets@suse.com>
v0.3.12-rc1: [v0.3] s4: Fixes 374 (#407)
* [v0.3.10] s4: Fixes 374 (#393) * Update rancher/rancher/pkg/apis dependency * [v0.3.s4] Backport Verify ExternalRules in RoleTemplates (#103) If the feature flag external-rules is enabled, the validation for RT follows this sequence: - 1) Reject if externalRules are provided and the user doesn’t have escalate permissions on RoleTemplates. - 2) Validate the policy rules defined in externalRules the same way as the already existing rules field. This validation leverages Kubernetes’ upstream validation. Webhook will validate this only if external is set to true. - 3) Use externalRules for resolving rules if provided. - 4) Use backing ClusterRole in the local cluster if externalRules are not provided. - 5) Reject if externalRules are not provided and there is no backing ClusterRole in the local cluster. For PRTB or CRTB: - 1) Use externalRules for resolving rules if provided. - 2) Use backing ClusterRole in the local cluster if externalRules are not provided. The previous verification process applies if the external-rules feature flag is disabled. * [v0.3.s4] Allow Restricted Admin to update external-rules feature flag (#104) --------- Co-authored-by: Jonathan Crowther <jonathan.crowther@suse.com> Co-authored-by: Raul Cabello Martin <raulcabm@gmail.com> * bump rancher to commit 56a742be417f937c9189068110270271906556ba --------- Co-authored-by: Peter Matseykanets <peter.matseykanets@suse.com>
v0.3.12: [v0.3] s4: Fixes 374 (#407)
* [v0.3.10] s4: Fixes 374 (#393) * Update rancher/rancher/pkg/apis dependency * [v0.3.s4] Backport Verify ExternalRules in RoleTemplates (#103) If the feature flag external-rules is enabled, the validation for RT follows this sequence: - 1) Reject if externalRules are provided and the user doesn’t have escalate permissions on RoleTemplates. - 2) Validate the policy rules defined in externalRules the same way as the already existing rules field. This validation leverages Kubernetes’ upstream validation. Webhook will validate this only if external is set to true. - 3) Use externalRules for resolving rules if provided. - 4) Use backing ClusterRole in the local cluster if externalRules are not provided. - 5) Reject if externalRules are not provided and there is no backing ClusterRole in the local cluster. For PRTB or CRTB: - 1) Use externalRules for resolving rules if provided. - 2) Use backing ClusterRole in the local cluster if externalRules are not provided. The previous verification process applies if the external-rules feature flag is disabled. * [v0.3.s4] Allow Restricted Admin to update external-rules feature flag (#104) --------- Co-authored-by: Jonathan Crowther <jonathan.crowther@suse.com> Co-authored-by: Raul Cabello Martin <raulcabm@gmail.com> * bump rancher to commit 56a742be417f937c9189068110270271906556ba --------- Co-authored-by: Peter Matseykanets <peter.matseykanets@suse.com>
v0.4.7
Don't error if external-rules feature flag is not found when evaluati… …ng RoleTemplates (#398) return false instead
v0.3.11
[v0.3.10] Don't error if external-rules feature flag is not found whe… …n evaluating RoleTemplates (#399) return false instead
v0.4.6-rc2-s4
[v0.4.6] s4: Bump dependencies (#395)
v0.4.6
[v0.4.6] s4: Bump dependencies (#395)
v0.3.10-rc2-s4
[v0.3.10] s4: Bump dependencies (#396)
v0.3.10
[v0.3.10] s4: Bump dependencies (#396)