aws/cert-manager: Tighten IAM permissions for cert-manager #16412
Conversation
|
|
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @andsens. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
cncf-cla: no
k8s-ci-robot
added
cncf-cla: yes
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
This change restricts which record types and domain prefixes cert-manager is allowed to change for DNS01 acme challenges. Only _acme-challenge.* TXT records may be created/updated/removed. Implements kubernetes#15680
andsens
force-pushed
the
tighten-cert-manager-aws-permissions
branch
from
eb07883
to
a902f9e
Compare
|
Thank you @andsens! |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hakman The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
…-upstream-release-1.29 Automated cherry pick of #16412: aws/cert-manager: Tighten IAM permissions for cert-manager
This change restricts which record types and domain prefixes cert-manager is allowed to change for DNS01 acme challenges.
Only
_acme-challenge.*TXT records may be created/updated/removed.Implements #15680
I ran
make all examples testand it compiles, but beyond that I have not created any tests for this (knowledge of go is ankle deep) so I hope someone is kind enough to help me out and add that :-)