Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:
None

Work Type:
BU Product Work
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Pod Security Admission Integration - Restricted Enforcement
Feature Link:
OCPSTRAT-487 - Pod Security Admission Integration - Restricted Enforcement
Intelligence Requested:
Market:

Sprint:
Auth - Sprint 250

Target Version:

openshift-4.17

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

What

Add an annotation that shows what the label syncer would set.

Why

If a customer takes ownership of the audit and warn labels it is unclear what the label syncer would enforce, without evaluating all the SCCs of all users in the namespace.

This:

creates a blindspot in CFE / cluster-debug-tools
makes it hard to block upgrades confidently.

Notes

Must be set, when label syncer would set the value.
Can be set in all other cases (easier debugging on customer side).

links to

openshift/api#1980: AUTH-527: security/v1 - add constant for enforcing psa annotation

Assignee:: Krzysztof Ostrowski

Reporter:: Krzysztof Ostrowski

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/07/31 1:16 PM

Updated:: 2024/11/12 9:14 PM

Resolved:: 2024/09/18 8:52 AM

Details

Description

What

Why

Notes

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates