- Bug
- Resolution: Done
- Critical
- Pipelines 1.15.0
- None
Description of problem:
A user with access to the namespace can approve any task on behalf of any user
Prerequisites (if any, like setup, operators/versions):
Pipelines 1.15.0 (index image 739353)
OpenShift 4.16
Steps to Reproduce:
- Create a pipeline with an approval task in a new namespace
- Give "user1" permissions to access this namespace
- Run the pipeline
- List approval tasks: opc approvaltask list
- Try to approve the task using the CLI: opc approvaltask approve <task_name>
- Try to approve the task by editing it: oc edit approvaltask <task_name>
Actual results:
correct behavior:
$ opc approvaltask approve manual-approval-pipeline-eeuwp1-task-2
Error: failed to approve approvalTask from namespace manualtest: Approver: user1, is not present in the approvers list
wrong behavior:
$ oc edit approvaltask manual-approval-pipeline-eeuwp1-task-2
# set "approve" for user "foo" which actually doesn't exist at all
approvaltask.openshift-pipelines.org/manual-approval-pipeline-eeuwp1-task-2 edited
Expected results:
User's input is validated
Reproducibility (Always/Intermittent/Only Once):
Always
Acceptance criteria:
Definition of Done:
Build Details:
Additional info (Such as Logs, Screenshots, etc):
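The server-side validation the report asks for could look like the following check on ApprovalTask updates. This is an added example, not code from the report or from OpenShift Pipelines; the Approver type, its "pending"/"approve"/"reject" values and the authenticated requester name passed in are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Approver is a hypothetical, simplified approver entry: user name plus decision.
type Approver struct {
	Name  string
	Input string // assumed values: "pending", "approve", "reject"
}

// ValidateUpdate rejects an update unless the authenticated requester changed
// only the decision stored under their own name and left the list itself intact.
func ValidateUpdate(requester string, oldList, newList []Approver) error {
	if len(oldList) != len(newList) {
		return errors.New("approvers list must not be changed")
	}
	old := make(map[string]string, len(oldList))
	for _, a := range oldList {
		old[a.Name] = a.Input
	}
	for _, a := range newList {
		prev, ok := old[a.Name]
		if !ok { // unknown name, or a name that appears twice in the new list
			return fmt.Errorf("approver %q is not present in the approvers list", a.Name)
		}
		delete(old, a.Name)
		if a.Input == prev {
			continue
		}
		if a.Name != requester {
			return fmt.Errorf("user %q cannot set the decision of approver %q", requester, a.Name)
		}
		if a.Input != "approve" && a.Input != "reject" {
			return fmt.Errorf("invalid decision %q", a.Input)
		}
	}
	return nil
}

func main() {
	// Constructed sample: user1 edits the entry of approver "foo", as in the report.
	old := []Approver{{"foo", "pending"}, {"bar", "pending"}}
	edited := []Approver{{"foo", "approve"}, {"bar", "pending"}}
	fmt.Println(ValidateUpdate("user1", old, edited)) // rejected with an error
	fmt.Println(ValidateUpdate("foo", old, edited))   // <nil>
}
```

Such a check only helps if it runs where every write path passes through it (for example at admission time), since the CLI-side check is what `oc edit` bypasses.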
- relates to: SRVKP-1453 Manual approval in pipelines (Closed)