appuio / component-openshift4-authentication

Commodore component to manage authentication on OpenShift 4
BSD 3-Clause "New" or "Revised" License

Fix console impersonation #90

Closed bastjan closed 9 months ago

bastjan commented 9 months ago

The console started checking with the following SelfSubjectAccessReview:

{
  "kind": "SelfSubjectAccessReview",
  "apiVersion": "authorization.k8s.io/v1",
  "metadata": {
    "creationTimestamp": null
  },
  "spec": {
    "resourceAttributes": {
      "verb": "impersonate",
      "group": "authorization.k8s.io",
      "resource": "users",
      "name": "cluster-admin"
    }
  },
  "status": {
    "allowed": false
  }
}

Both users.authorization.k8s.io and users seem to be correct to receive impersonation rights in the API server.

Checklist
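
Added example, not part of the pull request or the component's own code: a simplified Python model of Kubernetes RBAC rule matching, showing how a rule limited to the core API group would answer the SelfSubjectAccessReview quoted above, compared with a rule that lists both groups. The rule contents and the helper names `rule_allows` and `review` are assumptions made for illustration.

```python
# Simplified model of RBAC PolicyRule matching (no subresources, no
# nonResourceURLs). All rules below are constructed for illustration.

def rule_allows(rule, attrs):
    """Return True if one PolicyRule covers the given resourceAttributes."""
    def covers(allowed, value):
        return "*" in allowed or value in allowed

    if not covers(rule.get("verbs", []), attrs["verb"]):
        return False
    if not covers(rule.get("apiGroups", []), attrs.get("group", "")):
        return False
    if not covers(rule.get("resources", []), attrs["resource"]):
        return False
    names = rule.get("resourceNames", [])
    # An empty resourceNames list places no restriction on the object name.
    return not names or attrs.get("name", "") in names


def review(rules, attrs):
    """Mimic status.allowed of a SelfSubjectAccessReview for these rules."""
    return any(rule_allows(rule, attrs) for rule in rules)


# resourceAttributes taken from the SelfSubjectAccessReview in the description.
CONSOLE_CHECK = {"verb": "impersonate", "group": "authorization.k8s.io",
                 "resource": "users", "name": "cluster-admin"}
# The same check phrased against the core ("") API group.
CORE_CHECK = dict(CONSOLE_CHECK, group="")

# Constructed rule: impersonation granted in the core API group only.
CORE_ONLY = [{"apiGroups": [""], "resources": ["users"],
              "verbs": ["impersonate"], "resourceNames": ["cluster-admin"]}]
# Constructed rule: both groups listed, so either form of the check matches.
BOTH_GROUPS = [{"apiGroups": ["", "authorization.k8s.io"],
                "resources": ["users"], "verbs": ["impersonate"],
                "resourceNames": ["cluster-admin"]}]

if __name__ == "__main__":
    for label, rules in (("core only", CORE_ONLY), ("both groups", BOTH_GROUPS)):
        print(label, "console check allowed:", review(rules, CONSOLE_CHECK))
```

Keeping `resourceNames` on the rule limits the grant to the named user; a check for any other name is still denied.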