-
Story
-
Resolution: Done
-
Normal
-
None
-
None
-
None
-
1
-
False
-
None
-
False
-
SECFLOWOTL-86 - Improve GitOps Service tenant isolation
-
-
-
GITOPS Sprint 249, GITOPS Core Sprint 3248, GITOPS Core Sprint 3249, GITOPS Core Sprint 3251, GITOPS Core Sprint 3252, GITOPS Core Sprint 3253, GITOPS Core Sprint 3254, GitOps Tangerine - Sprint 2255, GitOps Tangerine - Sprint 3256, GitOps Tangerine - Sprint 3258, GitOps Tangerine - Sprint 3259, GitOps Tangerine - Sprint 3261, GitOps Tangerine - Sprint 3262
Goal
Fix GitOps Engine code to honor Impersonate configuration set in the Application sync context for all kubectl commands that are being executed.
Acceptance Criteria:
- It should be possible for the GitOps Engine to run application sync using impersonation config.
- When impersonation config is not set, then the existing behaviour of using the control-plane service account for the sync operation must be the default behaviour.
- If there is error in the impersonation configuration, then error with appropriate message should be reported.
- If the impersonating user does not have sufficient permissions for the application sync to happen, then the sync operation should fail with an appropriate error message.
- is cloned by
-
-
- Closed
-
