upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-03-03 22:20:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/pkg
History
Kubernetes Submit Queue 3f2a02cf98 Merge pull request #39383 from liggitt/bind-check 
Automatic merge from submit-queue (batch tested with PRs 39694, 39383, 39651, 39691, 39497)

Allow rolebinding/clusterrolebinding with explicit bind permission check

Fixes https://github.com/kubernetes/kubernetes/issues/39176
Fixes https://github.com/kubernetes/kubernetes/issues/39258

Allows creating/updating a rolebinding/clusterrolebinding if the user has explicitly been granted permission to perform the "bind" verb against the referenced role/clusterrole (previously, they could only bind if they already had all the permissions in the referenced role via an RBAC role themselves)

```release-note
To create or update an RBAC RoleBinding or ClusterRoleBinding object, a user must:
1. Be authorized to make the create or update API request
2. Be allowed to bind the referenced role, either by already having all of the permissions contained in the referenced role, or by having the "bind" permission on the referenced role.
```
2017-01-10 21:25:13 -08:00
..
admission Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
api move tests which need to stay in k8s.io/kubernetes for API scheme 2017-01-10 10:04:32 -05:00
apimachinery move tests which need to stay in k8s.io/kubernetes for API scheme 2017-01-10 10:04:32 -05:00
apis Merge pull request #39686 from deads2k/rbac-38-snip-bad-dep 2017-01-10 20:38:21 -08:00
auth Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
capabilities Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
client generated: change to WatchEvent from Event 2017-01-06 23:45:05 -05:00
cloudprovider fix #38362: create blob vhds container if not exists 2017-01-06 15:50:14 +00:00
controller Merge pull request #39694 from DirectXMan12/bug/hpa-panic 2017-01-10 21:25:10 -08:00
conversion Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
credentialprovider Merge pull request #38746 from justinsb/aws_eu_west_2 2017-01-10 11:54:17 -08:00
fieldpath Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
fields Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
generated Merge pull request #39673 from liggitt/deads2k-fix-bindata 2017-01-10 20:38:13 -08:00
genericapiserver Merge pull request #39442 from deads2k/generic-08-client-go-01 2017-01-10 09:53:41 -08:00
httplog Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
hyperkube Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
kubeapiserver switch webhook to clientgo 2017-01-09 16:53:24 -05:00
kubectl Merge pull request #39540 from pwittrock/kubectldocs 2017-01-10 20:38:19 -08:00
kubelet Merge pull request #39005 from brendandburns/windows 2017-01-10 19:48:16 -08:00
kubemark Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
labels Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
master Merge pull request #39383 from liggitt/bind-check 2017-01-10 21:25:13 -08:00
metrics Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
probe Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
proxy Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
quota Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
registry Allow rolebinding/clusterrolebinding with explicit bind permission check 2017-01-10 14:34:33 -05:00
routes Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
runtime move tests which need to stay in k8s.io/kubernetes for API scheme 2017-01-10 10:04:32 -05:00
security Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
securitycontext Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
selection Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
serviceaccount Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
ssh Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
storage Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
types Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
util Merge pull request #38342 from ymqytw/make_SPatch_delete_all_duplicates 2017-01-10 16:07:16 -08:00
version Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
volume Merge pull request #39477 from dashpole/zombie_wc 2017-01-10 14:33:15 -08:00
watch move tests which need to stay in k8s.io/kubernetes for API scheme 2017-01-10 10:04:32 -05:00
BUILD Result of hack/update-all.sh 2017-01-06 13:08:56 -08:00
OWNERS Remove bgrant from pkg/OWNERS and pkg/kubectl/OWNERS since he has plenty to do. 2016-06-16 08:21:27 -07:00