Skip to content

Commit 7e4fcb5

Browse files
csheremetacsheremeta
committed
Fix bug that allowed dedicated-admins to edit osd-devaccess group
1 parent f0fc475 commit 7e4fcb5

File tree

3 files changed

+3
-3
lines changed

3 files changed

+3
-3
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ A Flask app designed to act as a webhook admission controller for OpenShift.
88

99
Configuration for this webhook is provided by environment variables:
1010

11-
* `GROUP_VALIDATION_PROTECTED_GROUP_REGEX` - Regular expression for protected group names, such as `osd-` to apply to `CREATE`, `UPDATE`, `DELETE` operations on groups starting with `osd-`. (default: `(^osd-sre.*|^dedicated-admins$|^cluster-admins$|^layered-cs-sre-admins$)`)
11+
* `GROUP_VALIDATION_PROTECTED_GROUP_REGEX` - Regular expression for protected group names, such as `osd-` to apply to `CREATE`, `UPDATE`, `DELETE` operations on groups starting with `osd-`. (default: `(^osd-.*|^dedicated-admins$|^cluster-admins$|^layered-cs-sre-admins$)`)
1212
* `GROUP_VALIDATION_ADMIN_GROUP` - Admin groups, which the requestor must be a member in order to have access granted. This is comma-separated. (default: `osd-sre-admins,osd-sre-cluster-admins`)
1313
* `DEBUG_GROUP_VALIDATION` - Debug the webhook? Set to `True` to enable, all other values (including absent) disable. (default: False)
1414

build/selectorsyncset.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -358,7 +358,7 @@ objects:
358358
- name: GROUP_VALIDATION_ADMIN_GROUP
359359
value: osd-sre-admins,osd-sre-cluster-admins
360360
- name: GROUP_VALIDATION_PROTECTED_GROUP_REGEX
361-
value: (^osd-sre.*|^dedicated-admins$|^cluster-admins$|^layered-cs-sre-admins$)
361+
value: (^osd-.*|^dedicated-admins$|^cluster-admins$|^layered-cs-sre-admins$)
362362
command:
363363
- gunicorn
364364
- --config

templates/20-validation-webhook.deployment.yaml.tmpl

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ spec:
3434
- name: GROUP_VALIDATION_ADMIN_GROUP
3535
value: "osd-sre-admins,osd-sre-cluster-admins"
3636
- name: GROUP_VALIDATION_PROTECTED_GROUP_REGEX
37-
value: "(^osd-sre.*|^dedicated-admins$|^cluster-admins$|^layered-cs-sre-admins$)"
37+
value: "(^osd-.*|^dedicated-admins$|^cluster-admins$|^layered-cs-sre-admins$)"
3838
command:
3939
- gunicorn
4040
- --config

0 commit comments

Comments
 (0)