mirror of
https://github.com/rancher/types.git
synced 2025-07-10 12:03:04 +00:00
dc55e60da1
In the absence of service account creds, non-admin users from google's hosted domain cannot lookup groups, even their own groups (Restriction from google api). So even during login we can't find out what groups the user belongs to. Admins of hosted google domain do not have the same restriction. So they can still search for and add groups that non-admin google users belong to. This will cause lot of inconsistencies, since admins can add a user's groups, but user still won't have access to rancher. So making service account credentials a required field will avoid all this, and searching users/groups will work equally for all google users. Hostname should not be updatable once auth is setup, since the principalIds assigned to users after they log into rancher contain their google addresses which have the hostname. |
||
|---|---|---|
| .. | ||
| apps/v1beta2 | ||
| autoscaling/v2beta2 | ||
| batch | ||
| cluster.cattle.io/v3 | ||
| core/v1 | ||
| extensions/v1beta1 | ||
| management.cattle.io | ||
| monitoring.coreos.com/v1 | ||
| networking.k8s.io/v1 | ||
| project.cattle.io/v3 | ||
| rbac.authorization.k8s.io/v1 | ||