From fe125f80f3064bd5e70447af052424d234ee72f6 Mon Sep 17 00:00:00 2001 From: Ryan Sanna Date: Tue, 14 Sep 2021 14:20:32 -0700 Subject: [PATCH 1/2] fix role revision index for rolebindings that bind to clusterroles --- pkg/accesscontrol/policy_rule_index.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/accesscontrol/policy_rule_index.go b/pkg/accesscontrol/policy_rule_index.go index 1fc9d76..b6e0aac 100644 --- a/pkg/accesscontrol/policy_rule_index.go +++ b/pkg/accesscontrol/policy_rule_index.go @@ -90,8 +90,7 @@ func (p *policyRuleIndex) addRolesToHash(digest hash.Hash, subjectName string) { digest.Write(null) case "ClusterRole": digest.Write([]byte(rb.RoleRef.Name)) - digest.Write([]byte(rb.Namespace)) - digest.Write([]byte(p.revisions.roleRevision(rb.Namespace, rb.RoleRef.Name))) + digest.Write([]byte(p.revisions.roleRevision("", rb.RoleRef.Name))) digest.Write(null) } } From 793ace1aa147afb37f71fb1c879992a6c1b72def Mon Sep 17 00:00:00 2001 From: Dan Ramich Date: Wed, 22 Sep 2021 13:40:45 -0600 Subject: [PATCH 2/2] Vendor update for APIserver --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f1b1c57..dd7f74a 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/imdario/mergo v0.3.8 // indirect github.com/pborman/uuid v1.2.0 github.com/pkg/errors v0.9.1 - github.com/rancher/apiserver v0.0.0-20210818221223-fb33444dfae8 + github.com/rancher/apiserver v0.0.0-20210922180056-297b6df8d714 github.com/rancher/dynamiclistener v0.2.1-0.20200714201033-9c1939da3af9 github.com/rancher/kubernetes-provider-detector v0.1.2 github.com/rancher/norman v0.0.0-20210423002317-8e6ffc77a819 diff --git a/go.sum b/go.sum index 9974d78..9f47f9e 100644 --- a/go.sum +++ b/go.sum @@ -444,8 +444,8 @@ github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULU github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA= -github.com/rancher/apiserver v0.0.0-20210818221223-fb33444dfae8 h1:Lg2urAlvMUO+sH8tFQMZzsgn+wP5hVjkVghVQtobqow= -github.com/rancher/apiserver v0.0.0-20210818221223-fb33444dfae8/go.mod h1:8W0EwaR9dH5NDFw6mpAX437D0q+EZqKWbZyX71+z2WI= +github.com/rancher/apiserver v0.0.0-20210922180056-297b6df8d714 h1:DJPC3bY+yy8Ne4ge2FYs7k6J0CWERTL47hlKXTCgPYs= +github.com/rancher/apiserver v0.0.0-20210922180056-297b6df8d714/go.mod h1:8W0EwaR9dH5NDFw6mpAX437D0q+EZqKWbZyX71+z2WI= github.com/rancher/client-go v1.20.0-rancher.1 h1:B85UDTIx+0XgOyv0obL9HJSNdY3mNBi1+wm26TOQZ8o= github.com/rancher/client-go v1.20.0-rancher.1/go.mod h1:UTdyXFcu9VZV4qQRKGXCa0KdMX4HTCXClRs4s7yFdDQ= github.com/rancher/dynamiclistener v0.2.1-0.20200714201033-9c1939da3af9 h1:Mo5mPXi7k/TgzMcUIuDpbNxiX2bYh68+yEpaur5Nx80=