* Merge pull request #316 from thatmidwesterncoder/toleration_validation (#459)
Add validation to Toleration and Affinity Keys
* Bump to k8s 1.31
* Bump the maximum supported k8s version to 1.31
* Bump other k8s modules to be consistent with k8s 1.31
* Bump to versions of lasso and wrangler that support k8s 1.31
* Move to the go-uber gomock module.
* Update the wrangler module.
* Correct the mockgen install command.
* And re-correct the 'go install ... mockgen' command.
---------
Co-authored-by: Jacob Lindgren <jacob.lindgren@suse.com>
* Verify ExternalRules in RoleTemplates
If the feature flag external-rules is enabled, the validation for RT follows this sequence:
- 1) Reject if externalRules are provided and the user doesn’t have escalate permissions on RoleTemplates.
- 2) Validate the policy rules defined in externalRules the same way as the already existing rules field. This validation leverages Kubernetes’ upstream validation. Webhook will validate this only if external is set to true.
- 3) Use externalRules for resolving rules if provided.
- 4) Use backing ClusterRole in the local cluster if externalRules are not provided.
- 5) Reject if externalRules are not provided and there is no backing ClusterRole in the local cluster.
For PRTB or CRTB:
- 1) Use externalRules for resolving rules if provided.
- 2) Use backing ClusterRole in the local cluster if externalRules are not provided.
The previous verification process applies if the external-rules feature flag is disabled.
* Allow Restricted Admin to update external-rules feature flag (#102)
---------
Co-authored-by: Raul Cabello Martin <raulcabm@gmail.com>
Co-authored-by: Jonathan Crowther <jonathan.crowther@suse.com>
* bump rancher to be able to use ExternalRules
* fix test conflict
---------
Co-authored-by: Peter Matseykanets <peter.matseykanets@suse.com>
When 2 role templates inherit from each other, this can cause
performance issues or an outright crash. This change aims to
ensure that role templates can't form circular references like
this in the future.
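
The circular-inheritance check described in the last commit message can be sketched as a depth-first search over the inheritance graph at admission time. This is an added example, not the webhook's own code: the trimmed `RoleTemplate` struct, the `findCycle` helper and the sample data are assumptions made for illustration.

```go
package main

import "fmt"

// RoleTemplate is a simplified stand-in (assumption): name plus inherited template names.
type RoleTemplate struct {
	Name              string
	RoleTemplateNames []string
}

// findCycle returns the inheritance loop that admitting candidate (create or update)
// would introduce, or nil. existing is assumed acyclic, so the search starts at candidate.
func findCycle(existing map[string]RoleTemplate, candidate RoleTemplate) []string {
	parents := map[string][]string{}
	for name, rt := range existing {
		parents[name] = rt.RoleTemplateNames
	}
	parents[candidate.Name] = candidate.RoleTemplateNames // the proposed state wins
	const inProgress, done = 1, 2
	state, path := map[string]int{}, []string(nil)
	var visit func(string) []string
	visit = func(name string) []string {
		if state[name] == done {
			return nil // fully explored earlier, no loop through it
		}
		if state[name] == inProgress { // back edge: name is on the current path
			for i := range path {
				if path[i] == name {
					return append(append([]string{}, path[i:]...), name)
				}
			}
		}
		state[name] = inProgress
		path = append(path, name)
		for _, p := range parents[name] {
			if loop := visit(p); loop != nil {
				return loop
			}
		}
		path = path[:len(path)-1]
		state[name] = done
		return nil
	}
	return visit(candidate.Name)
}

func main() {
	existing := map[string]RoleTemplate{"base": {Name: "base"}, // constructed sample data
		"editor": {Name: "editor", RoleTemplateNames: []string{"base"}}}
	fmt.Println(findCycle(existing, RoleTemplate{Name: "base", RoleTemplateNames: []string{"editor"}}))
}
```

A validating webhook would reject the request when the returned slice is non-nil and can report the loop in the denial message.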