Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dev to alpha #8520

Open
wants to merge 58 commits into
base: alpha
Choose a base branch
from
Open

dev to alpha #8520

wants to merge 58 commits into from

Conversation

k8s-on-aws-manager-app[bot]
Copy link
Contributor

@k8s-on-aws-manager-app k8s-on-aws-manager-app bot commented Nov 8, 2024
edited
Loading

  • Register generic admitter for write protection behind a feature flag (#⁠8519) - minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call.
  • update deployment-service components (#⁠8514) - bugfix Bug fixes and patches, e.g. fixing of a production issue that is affecting the customer experience.
  • make kube-janitor opt-in for production clusters (#⁠8524) - minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call.
  • update role-sync-controller and use CLI parameters for subjects (#⁠8528) - minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call.
  • [e2e] Refactor RBAC tests to use client-go instead of raw HTTP (#⁠8532) - major Major feature changes or updates, e.g. feature rollout to a new country, new API calls.
  • [RBAC] drop secret read permission from poweruser ClusterRole (#⁠8537) - minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call.
  • [e2e] Improvements on the RBAC e2es (#⁠8536) - minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call.
  • [e2e] Skip authz test for access handled by admission-controller (#⁠8539) - minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call.
  • Update custom metrics image to work with ipv6 (#⁠8541) - bugfix Bug fixes and patches, e.g. fixing of a production issue that is affecting the customer experience.

@k8s-on-aws-manager-app k8s-on-aws-manager-app bot added updates/master-nodes updates/defaults minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call. labels Nov 8, 2024
@k8s-on-aws-manager-app k8s-on-aws-manager-app bot added the bugfix Bug fixes and patches, e.g. fixing of a production issue that is affecting the customer experience. label Nov 8, 2024
demonCoder95 and others added 18 commits November 11, 2024 11:24
@demonCoder95
add note of caution on the config-item that enables kube-janitor in p…
60eb9d8 
…roduction
@demonCoder95
Merge pull request #8524 from zalando-incubator/kube-janitor-config
edddb61 
make kube-janitor opt-in for production clusters
@k8s-on-aws-manager-app
Merge dev to dev-to-alpha
8d11e8f
@demonCoder95
update role-sync-controller and use CLI parameters for subjects
58f691a
@linki
use correct image from production registry
6bf4d6c
@demonCoder95
Merge pull request #8528 from zalando-incubator/update-role-sync-cont…
8d759de 
…roller

update role-sync-controller and use CLI parameters for subjects
@k8s-on-aws-manager-app
Merge dev to dev-to-alpha
9fba4e2
@demonCoder95
add the rbac test suite description
80b7ff1
@demonCoder95
add rbac e2e utils
7ed7c87
@demonCoder95
setup the testing interface between test cases and utils backend
e1040a7
@demonCoder95
implement logic to evaluate output of a testcase
d3c1578
@demonCoder95
add logic to expand into resourceAttributes and nonResourceAttributes…
6bfbe46 
… from testCaseData
@demonCoder95
enable role-sync-controller
183cff9
@demonCoder95
add test cases for ReadOnly group
21d9068
@demonCoder95
resolve TODO about handling subresources
b845d03
@demonCoder95
fix bug in resource attribute expansion
a53f942
@demonCoder95
add test cases for PowerUser, Manual and Emergency groups
0566c2a
@demonCoder95
Refactor how the testCase output is evaluated
cdc0ee7 
We now match each SubjectAccessReview object with the expected result.
We then populate a list of all those that didn't meet expectation.
If a test fails, we use the String() function on the testCaseOutput
to print all these violating SARs.
If there are not such SARs, we consider the test passed.
@k8s-on-aws-manager-app k8s-on-aws-manager-app bot added the major Major feature changes or updates, e.g. feature rollout to a new country, new API calls. label Nov 22, 2024
demonCoder95 and others added 23 commits November 22, 2024 18:51
@demonCoder95
use global slices for verbs and resources
1b13def
@demonCoder95
re-introduce write protection test cases and add skip rules for them
6f7f8c9
@demonCoder95
combine default service-account test cases
4eba59b
@demonCoder95
add new tests for credentials-provider user
39e6e18
@demonCoder95
add test case for secret write access for administrators
04827d6
@demonCoder95
Unify read and write test cases into a single and other nits
1646c06 
Refactor allNamespaces as a global slice
Add clarification comments on the global slices
Replace all instances of "resource not a secret" with a wider list
of namespacedResources
@demonCoder95
drop secret read permission from poweruser ClusterRole
cba3a81
@demonCoder95
add secret reading permisisons to collaborator Roles
c8b3679
@demonCoder95
fix default namespace and pv as global resource
4962df7
@demonCoder95
test that poweruser can also read secrets in non-system namespaces
19b2daf
@demonCoder95
make RBAC changes only when role-sync-controller is enabled
6bda2f6
@demonCoder95
remove persistentvolumes from global resource slice
cbce361
@mikkeloscar
Merge pull request #8537 from zalando-incubator/drop-secret-read
f94d6df 
[RBAC] drop secret read permission from poweruser ClusterRole
@demonCoder95
handle skipped tests better
acd2bdf
@k8s-on-aws-manager-app
Merge dev to dev-to-alpha
bf90f0a
@mikkeloscar
Merge pull request #8536 from zalando-incubator/review-nits-rbac-e2e
fd4ff9f 
[e2e] Improvements on the RBAC e2es
@k8s-on-aws-manager-app
Merge dev to dev-to-alpha
b7eb73d
@demonCoder95
skip test for delete deny for system namespace for poweruser,manual,e…
3931435 
…mergency groups
@mikkeloscar
Update custom metrics image to work with ipv6
27dcc32 
Signed-off-by: Mikkel Oscar Lyderik Larsen <[email protected]>
@mikkeloscar
Merge pull request #8539 from zalando-incubator/remove-test
2649d9d 
[e2e] Skip authz test for access handled by admission-controller
@k8s-on-aws-manager-app
Merge dev to dev-to-alpha
2c44092
@demonCoder95
Merge pull request #8541 from zalando-incubator/update-custom-autosca…
b077696 
…ler-e2e

Update custom metrics image to work with ipv6
@k8s-on-aws-manager-app
Merge dev to dev-to-alpha
934eef5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bugfix Bug fixes and patches, e.g. fixing of a production issue that is affecting the customer experience. major Major feature changes or updates, e.g. feature rollout to a new country, new API calls. minor Minor changes, e.g. low risk config updates, changes that do not introduce a new API call. updates/defaults updates/master-nodes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@linki @demonCoder95 @mikkeloscar