Skip to content

Comments

LimitSecretReferences in service account admission, fix service account round-tripping in builds#2884

Merged
openshift-bot merged 2 commits intoopenshift:masterfrom
liggitt:limit_secret_refs
Jun 6, 2015
Merged

LimitSecretReferences in service account admission, fix service account round-tripping in builds#2884
openshift-bot merged 2 commits intoopenshift:masterfrom
liggitt:limit_secret_refs

Conversation

@liggitt
Copy link
Contributor

@liggitt liggitt commented Jun 5, 2015

Fixes #2883

  • Moved ServiceAccount field to BuildParameters in internal API (doesn't change external API)
    • Allows round-tripping BuildConfig correctly
    • Maps better to BuildSpec anyway
  • Made the BuildGenerator honor a service account set on a BuildConfig, or fall back to DefaultServiceAccountName/bootstrappolicy.BuilderServiceAccountName
  • Fixed conversions to set output fields, not input fields
  • Adjusted serialization test to clone the original item for comparison to catch cases where conversion messed with the input
  • Enabled admission controller limiting secret access to the service account for the pod

@liggitt liggitt changed the title UPSTREAM: Enable LimitSecretReferences in service account admission LimitSecretReferences in service account admission Jun 5, 2015
@liggitt
Copy link
Contributor Author

liggitt commented Jun 5, 2015

[test]

@liggitt liggitt changed the title LimitSecretReferences in service account admission LimitSecretReferences in service account admission, fix service account round-tripping in builds Jun 6, 2015
@liggitt
Copy link
Contributor Author

liggitt commented Jun 6, 2015

@ncdc @mfojtik review

@openshift-bot
Copy link
Contributor

openshift-bot commented Jun 6, 2015

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/2855/)

@liggitt
Copy link
Contributor Author

liggitt commented Jun 6, 2015

(or @smarterclayton can review)

@smarterclayton
Copy link
Contributor

smarterclayton commented Jun 6, 2015

Nm it's small LGTM [merge]

@openshift-bot
Copy link
Contributor

openshift-bot commented Jun 6, 2015

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/2299/) (Image: devenv-fedora_1735)

@openshift-bot
Copy link
Contributor

openshift-bot commented Jun 6, 2015

Evaluated for origin up to c36cb41

openshift-bot pushed a commit that referenced this pull request Jun 6, 2015
Merge pull request #2884 from liggitt/limit_secret_refs
12c5eef 
Merged by openshift-bot
@openshift-bot openshift-bot merged commit 12c5eef into openshift:master Jun 6, 2015
@liggitt liggitt deleted the limit_secret_refs branch June 6, 2015 19:22
@smarterclayton
Copy link
Contributor

smarterclayton commented Jun 17, 2015

In order to clear the upstream patch, this change needs a way to configure admission controllers. kubernetes/kubernetes#9879

@smarterclayton smarterclayton mentioned this pull request Jun 17, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@liggitt @openshift-bot @smarterclayton