Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RBAC Migration Followup #15: Revisit forbidden message maker #15828

Closed
enj opened this issue Aug 17, 2017 · 3 comments
Closed

RBAC Migration Followup #15: Revisit forbidden message maker #15828

enj opened this issue Aug 17, 2017 · 3 comments
Assignees
@simo5
Labels
area/security area/techdebt component/auth lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/P2 sig/security
Milestone
v3.7

Comments

@enj
Copy link
Contributor

enj commented Aug 17, 2017

Revisit forbidden message maker (see if its needed / what we need from it)

For example, it prevents leaking information about if projects exist
@simo5 simo5 mentioned this issue Aug 17, 2017
Merged
67 tasks
@enj enj modified the milestone: 3.7.0 Aug 17, 2017
@abstractj
Copy link
Contributor

@enj where the forbidden message maker is located?

@enj
Copy link
Contributor Author

enj commented Aug 22, 2017
edited
Loading

See NewForbiddenMessageResolver in pkg/authorization/authorizer/messages.go. You will want to trace the history from starting from #2319 to determine if:

  1. Any of the code can be deleted
  2. Any of the code can be replaced with upstream equivalents
  3. We could also try to upstream it if people find kube's forbidden messages less than optimal

@simo5 simo5 added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Aug 22, 2017
@enj enj mentioned this issue Jan 18, 2018
Merged
@enj enj assigned deads2k and unassigned simo5 Jan 18, 2018
@enj enj removed the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Jan 18, 2018
@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 18, 2018
@enj enj added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 24, 2018
@simo5 simo5 assigned simo5 and unassigned deads2k Jul 20, 2018
@simo5 simo5 mentioned this issue Jul 20, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simo5 simo5

Labels
area/security area/techdebt component/auth lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/P2 sig/security
Projects
None yet
Milestone
v3.7
Development

No branches or pull requests
6 participants
@abstractj @openshift-bot @enj @deads2k @simo5 @openshift-ci-robot