Skip to content

feat: add AccessControl rest client #473

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add AccessControl rest client #473

wants to merge 2 commits into from
+89 −3

Conversation

@Cali0707
Copy link
Collaborator

@Cali0707 Cali0707 commented Nov 17, 2025

To make it easier for people adding toolsets to complete arbitrary actions against arbitrary resources while maintaining the access control, this creates a rest.Interface that is configured with a roundtripper that will ensure that only requests against GVRs that are allowed can be made.

@Cali0707
feat: add accesscontrol rest client
0df0da3 
Signed-off-by: Calum Murray <cmurray@redhat.com>
@Cali0707
feat: expose accesscontrol rest client through Kubernetes interface
e283839 
Signed-off-by: Calum Murray <cmurray@redhat.com>
@Cali0707
Copy link
Collaborator Author

Cali0707 commented Nov 17, 2025

@manusa not totally sure if we want this or not, just trying to prototype some ways to make it easier for toolset authors to do what they want while enforcing the access control. Lmk what you think!

@Cali0707 Cali0707 mentioned this pull request Nov 17, 2025
Open
@manusa
Copy link
Member

manusa commented Nov 18, 2025

This is exactly the approach I wanted to follow: Move it up the stack as much as possible so that we don't need to check for access at the specific clients.
If all clients are using the RoundTripper or the approved REST Client, then we should be safe.

What I'm not sure is about the side-effects of this approach, neither if there are edge cases that need further consideratio.

Let me work on the base you created here and see if we can actually free ourselves from the other client implementations and fixes.

@manusa manusa mentioned this pull request Nov 18, 2025
Open
@manusa manusa self-assigned this Nov 18, 2025
@Cali0707 Cali0707 mentioned this pull request Nov 18, 2025
Open
@manusa manusa mentioned this pull request Nov 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@manusa manusa

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Cali0707 @manusa