-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow relaunching other user jobs with public vars #3783
Allow relaunching other user jobs with public vars #3783
Conversation
Build failed.
|
8e826af
to
29c8d11
Compare
Build failed.
|
29c8d11
to
5720601
Compare
Build succeeded.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems ok to me.
Note that if we ever tackle #3476 , we'll need to rethink this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I think I'm okay with this. This method might not even need to change if we do that, because we're checking read access to the job already. |
Build succeeded (gate pipeline).
|
SUMMARY
The previous check here was too restrictive.
If you can read the job then you can see the variables that the other user provided, except for encrypted variables. Thus, there is no security difference between before vs. after this change.
ISSUE TYPE
COMPONENT NAME
AWX VERSION
ADDITIONAL INFORMATION