upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-03-01 13:10:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/plugin/pkg
History
Kubernetes Submit Queue 77d644f283 Merge pull request #42245 from deads2k/rbac-06-namespace-leak 
Automatic merge from submit-queue (batch tested with PRs 42126, 42130, 42232, 42245, 41932)

allow subject access review to non-existent namespace

A localsubjectaccessreview is a special kind of resource which can be created even when the namespace doesn't exist.  Since permissions can be granted at different scopes, you can reasonably check if someone *could* do something at a lower scope that isn't there yet.  In addition, the permission to do an access check is separate from the permission to list all namespaces, so we're leaking information.

@liggitt @kubernetes/sig-auth-pr-reviews
2017-03-02 02:07:28 -08:00
..
admission Merge pull request #42245 from deads2k/rbac-06-namespace-leak 2017-03-02 02:07:28 -08:00
auth Merge pull request #42259 from deads2k/rbac-07-reconcile-binding 2017-03-01 16:57:51 -08:00
scheduler Merge pull request #41708 from bsalamat/statefulset_spreading2 2017-02-28 20:16:08 -08:00