add system:image-auditor #8455
|
[test] |
|
Evaluated for origin test up to 7f6db1f |
|
@pweil- concerns for 1.2? |
@pweil- @smarterclayton as you're mentioning, +1 for having this in 1.2 or something equivalent in openshift-ansible for |
|
No concerns on a new role, low risk. |
| Name: ImageAuditorRoleName, | ||
| }, | ||
| Rules: []authorizationapi.PolicyRule{ | ||
| { |
I would not expect an auditor role to have any write permissions. Is there a different name we could use?
This is a thing that vets images to indicate whether they're good or bad. Alternate name suggestions welcome. I thought of this one and image-inspector, but thought that auditor seemed like a better fit.
|
continuous-integration/openshift-jenkins/test FAILURE (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/2880/) |
|
Relates to ManageIQ/manageiq#7536 @deads2k Thanks! |
|
Approved per pweil's assessment On Mon, Apr 11, 2016 at 10:27 AM, Mooli Tayer notifications@github.com
|
|
@liggitt barring any better names, the rest looks clean? |
|
[merge] |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/5571/) (Image: devenv-rhel7_3956) |
|
Evaluated for origin merge up to 7f6db1f |
|
Would "approver" be more indicative of giving write access? |
|
The role definitely is intended to be vague - to cover viewing AND On Tue, Apr 12, 2016 at 9:46 AM, Jordan Liggitt notifications@github.com
|
Adds a system:image-auditor role for components that want to monitor new images in the docker registry and annotate the image as "good" or "bad" based on scan results.

@smarterclayton Approval? I think this is low risk and helps teams trying to integrate with us.
@simon3z @moolitayer Comments on whether this satisfies your use-case?