Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Reduce agent permissions. Fixes #7986 #7987

Merged
merged 9 commits into from
Feb 25, 2022
Merged

fix: Reduce agent permissions. Fixes #7986 #7987

merged 9 commits into from
Feb 25, 2022

Conversation

alexec
Copy link
Contributor

@alexec alexec commented Feb 23, 2022
edited
Loading

Signed-off-by: Alex Collins [email protected]

Fixes #7986

Removing pod patch is not as useful, if the attacker can still create work using the task-set. This fixes that.

@alexec alexec requested a review from sarabala1979 February 24, 2022 00:56
@alexec alexec marked this pull request as ready for review February 24, 2022 00:56
@alexec alexec requested a review from jessesuen as a code owner February 24, 2022 00:56
@alexec alexec marked this pull request as draft February 24, 2022 00:56
@alexec alexec marked this pull request as ready for review February 24, 2022 01:56
@alexec
Copy link
Contributor Author

alexec commented Feb 24, 2022

@jessesuen can I get your rubber-stamp approval of the proto change? It is only adding status sub-resource

alexec
alexec commented Feb 24, 2022
View reviewed changes
workflow/executor/agent.go Outdated Show resolved Hide resolved
@sarabala1979 sarabala1979 self-assigned this Feb 24, 2022
@alexec
Merge branch 'master' into perm
fdabb8e 
Signed-off-by: Alex Collins <[email protected]>
@alexec
fix: ok
4e71405 
Signed-off-by: Alex Collins <[email protected]>
@alexec
fix: ok
85f0026 
Signed-off-by: Alex Collins <[email protected]>
@alexec
fix: backoff
c455b5d 
Signed-off-by: Alex Collins <[email protected]>
@alexec
Merge branch 'master' into perm
f77f349 
Signed-off-by: Alex Collins <[email protected]>
@alexec
fix: lint
6edb90d 
Signed-off-by: Alex Collins <[email protected]>
@alexec
fix: lint
515d219 
Signed-off-by: Alex Collins <[email protected]>
@alexec alexec changed the title fix!: Reduce agent permissions. Fixes #7986 fix: Reduce agent permissions. Fixes #7986 Feb 25, 2022
@alexec alexec enabled auto-merge (squash) February 25, 2022 01:30
sarabala1979
sarabala1979 approved these changes Feb 25, 2022
View reviewed changes
Copy link
Member

@sarabala1979 sarabala1979 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alexec alexec merged commit 06d4bf7 into argoproj:master Feb 25, 2022
@alexec alexec deleted the perm branch February 25, 2022 16:49
@terrytangyuan terrytangyuan mentioned this pull request Feb 25, 2022
Closed
@sarabala1979 sarabala1979 mentioned this pull request Mar 1, 2022
Closed
@agilgur5 agilgur5 added type/security Security related area/executor area/agent Argo Agent that runs for HTTP and Plugin templates area/manifests labels Apr 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sarabala1979 sarabala1979 sarabala1979 approved these changes

@jessesuen jessesuen Awaiting requested review from jessesuen

Assignees

@sarabala1979 sarabala1979

Labels
area/agent Argo Agent that runs for HTTP and Plugin templates area/executor area/manifests type/security Security related
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Reduce agent permissions
3 participants
@alexec @sarabala1979 @agilgur5