This commit was created on GitHub.com and signed with GitHub’s verified signature.
Merge commit from fork
Backport of the privilege-escalation fix to release-1.8. Adds an explicit,
per-request authorization check that verifies the caller already holds every
permission being granted or conferred before a Kargo Role change is applied,
covering both Role rule edits (Create/Update/GrantPermissionsToRole) and
identity bindings (GrantRoleToUsers).
This is a single-commit, 1.8-specific adaptation of the two commits authored
against main. It reuses release-1.8's existing policy-rule normalization (which
resolves API groups via getGroupName) rather than backporting the larger
dynamic group-resolution refactor; the fundamental security behavior is
identical.
Signed-off-by: Taylor Thomas <taylor.thomas@akuity.io>
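The check the commit message describes, as an added example that is not Kargo's code and not part of the commit: before a Role's rules are written or a Role is bound to users, expand the rule set the target Role will end up with into individual (API group, resource, verb) permissions and refuse the request unless the caller already holds every one of them. The `PolicyRule` type, the `normalizeGroup` table (standing in for the page's `getGroupName`), and the `kargo` shorthand used in the sample input are all constructed for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// PolicyRule is a simplified, hypothetical stand-in for a Kubernetes-style
// RBAC rule: which verbs may be performed on which resources in which groups.
type PolicyRule struct {
	APIGroups []string
	Resources []string
	Verbs     []string
}

// permission is one fully expanded (group, resource, verb) triple.
type permission struct{ group, resource, verb string }

// normalizeGroup maps shorthand group names to a canonical form so that
// equivalent spellings compare equal. Constructed table for the example only;
// the real project resolves groups with its own helper.
func normalizeGroup(g string) string {
	g = strings.ToLower(strings.TrimSpace(g))
	switch g {
	case "", "core":
		return ""
	case "kargo": // hypothetical shorthand used by the sample input below
		return "kargo.akuity.io"
	default:
		return g
	}
}

// expand flattens rules into individual permission triples.
func expand(rules []PolicyRule) []permission {
	var out []permission
	for _, r := range rules {
		for _, g := range r.APIGroups {
			for _, res := range r.Resources {
				for _, v := range r.Verbs {
					out = append(out, permission{
						group:    normalizeGroup(g),
						resource: strings.ToLower(res),
						verb:     strings.ToLower(v),
					})
				}
			}
		}
	}
	return out
}

// covers reports whether one held permission grants the requested one,
// honouring a "*" wildcard in any position of the held permission only.
// A wildcard in the request is never satisfied by a narrower held right.
func covers(held, want permission) bool {
	match := func(h, w string) bool { return h == "*" || h == w }
	return match(held.group, want.group) &&
		match(held.resource, want.resource) &&
		match(held.verb, want.verb)
}

// MissingPermissions returns every permission in requested that the caller
// does not already hold, formatted as group/resource:verb and sorted.
// An empty result means the grant is a subset of the caller's own rights.
func MissingPermissions(callerRules, requested []PolicyRule) []string {
	held := expand(callerRules)
	seen := map[permission]bool{}
	var missing []string
	for _, want := range expand(requested) {
		if seen[want] {
			continue
		}
		seen[want] = true
		ok := false
		for _, h := range held {
			if covers(h, want) {
				ok = true
				break
			}
		}
		if !ok {
			missing = append(missing, fmt.Sprintf("%s/%s:%s", want.group, want.resource, want.verb))
		}
	}
	sort.Strings(missing)
	return missing
}

// AuthorizeRoleChange is the per-request gate: effective is the complete rule
// set the target Role will have after the change (or the rules of the Role
// being bound to users). Any permission the caller lacks denies the request.
func AuthorizeRoleChange(callerRules, effective []PolicyRule) error {
	if missing := MissingPermissions(callerRules, effective); len(missing) > 0 {
		return fmt.Errorf("forbidden: caller lacks %d permission(s) it is trying to confer: %s",
			len(missing), strings.Join(missing, ", "))
	}
	return nil
}

func main() {
	// Constructed sample: the caller may get/list/promote stages and promotions.
	caller := []PolicyRule{{APIGroups: []string{"kargo"}, Resources: []string{"stages", "promotions"}, Verbs: []string{"get", "list", "promote"}}}
	within := []PolicyRule{{APIGroups: []string{"kargo.akuity.io"}, Resources: []string{"stages"}, Verbs: []string{"get"}}}
	escalate := []PolicyRule{{APIGroups: []string{"kargo.akuity.io"}, Resources: []string{"stages"}, Verbs: []string{"get", "delete"}}}
	fmt.Println("within own rights:", AuthorizeRoleChange(caller, within))
	fmt.Println("attempted escalation:", AuthorizeRoleChange(caller, escalate))
}
```

Passing the Role's full post-change rule set (rather than only the delta being added) matters for the Update path: a caller who cannot confer `delete` must be refused even when `delete` was already present on the Role and the request only touches another verb, otherwise re-saving someone else's broader Role becomes a way to re-grant rights the caller never held.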