1
0
mirror of https://github.com/rancher/types.git synced 2025-07-10 03:53:02 +00:00
types/apis
rajashree dc55e60da1 Make service account creds required for google oauth
In the absence of service account creds, non-admin users from google's
hosted domain cannot lookup groups, even their own groups (Restriction
from google api). So even during login we can't find out what groups the
user belongs to. Admins of hosted google domain do not have the same restriction.
So they can still search for and add groups that non-admin google users
belong to. This will cause lot of inconsistencies, since admins can add
a user's groups, but user still won't have access to rancher. So making
service account credentials a required field will avoid all this, and
searching users/groups will work equally for all google users.

Hostname should not be updatable once auth is setup, since the
principalIds assigned to users after they log into rancher contain
their google addresses which have the hostname.
2019-06-21 10:55:50 -07:00
..
apps/v1beta2 Update vendor and generate code 2019-05-28 18:58:21 -07:00
autoscaling/v2beta2 go generate 2019-05-31 07:57:20 -07:00
batch go generate 2019-06-12 08:42:39 -07:00
cluster.cattle.io/v3 go generate 2019-06-12 08:42:39 -07:00
core/v1 go generate 2019-06-12 08:42:39 -07:00
extensions/v1beta1 Update vendor and generate code 2019-05-28 18:58:21 -07:00
management.cattle.io Make service account creds required for google oauth 2019-06-21 10:55:50 -07:00
monitoring.coreos.com/v1 go generate 2019-06-12 08:42:39 -07:00
networking.k8s.io/v1 go generate 2019-06-12 08:42:39 -07:00
project.cattle.io/v3 go generate 2019-06-12 08:42:39 -07:00
rbac.authorization.k8s.io/v1 go generate 2019-06-12 08:42:39 -07:00