Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RBAC Migration Followup #12: use RBAC encoding in create-bootstrap-policy-file #15825

Closed
enj opened this issue Aug 17, 2017 · 6 comments
Closed

RBAC Migration Followup #12: use RBAC encoding in create-bootstrap-policy-file #15825

enj opened this issue Aug 17, 2017 · 6 comments
Assignees
@mrogers950
Labels
area/security area/techdebt component/auth lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/P2 sig/security
Milestone
v3.10

Comments

@enj
Copy link
Contributor

enj commented Aug 17, 2017

Switch encoding to RBAC in pkg/cmd/server/admin/create_bootstrappolicy_file.go
@simo5 simo5 mentioned this issue Aug 17, 2017
Merged
67 tasks
@enj enj modified the milestone: 3.7.0 Aug 17, 2017
@simo5 simo5 added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Aug 22, 2017
@enj
Copy link
Contributor Author

enj commented Aug 23, 2017

This is similar to #15833 / #15857 in that it deals with how we encode exported auth data. Currently the create-bootstrap-policy-file command writes out the legacy origin auth types instead of the RBAC objects.

@deads2k @liggitt can we do this in 3.7? Won't it make the command incompatible with older clusters?

@deads2k
Copy link
Contributor

deads2k commented Aug 24, 2017

@enj didn't you guys kill the file since it wasn't being used anymore?

@simo5
Copy link
Contributor

simo5 commented Aug 24, 2017

@deads2k the admin command to create a bootstrap policy file still exists

@deads2k
Copy link
Contributor

deads2k commented Aug 24, 2017

@deads2k @liggitt can we do this in 3.7? Won't it make the command incompatible with older clusters?

@fabianofranz what kind of stability guarantees do we have on the command? If its based on intent, I guess I'd keep the encoding for 3.7 and switch for 3.8. I think the failure mode would be a 3.7 oc against a 3.6 master that was trying to export the rules and do something with them.

@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 19, 2018
@enj
Copy link
Contributor Author

enj commented Feb 19, 2018

/lifecycle frozen

@openshift-ci-robot openshift-ci-robot added the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label Feb 19, 2018
@mrogers950 mrogers950 mentioned this issue May 17, 2018
Merged
@enj enj removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 22, 2018
@enj enj assigned mrogers950 and unassigned simo5 May 22, 2018
@enj enj removed the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label May 22, 2018
@enj enj modified the milestones: v3.7, v3.10 May 22, 2018
@mrogers950 mrogers950 mentioned this issue May 22, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mrogers950 mrogers950

Labels
area/security area/techdebt component/auth lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/P2 sig/security
Projects
None yet
Milestone
v3.10
Development

No branches or pull requests
6 participants
@openshift-bot @mrogers950 @enj @deads2k @simo5 @openshift-ci-robot