Tags: caipp/fiat
Tags
fix(roles): Avoid filtering when `allowAccessToUnknownApplications` i… …s enabled (spinnaker#255) This flag was originally added to allow sites with large numbers of applications to avoid needlessly serializing the same set of applications for each user. Unfortunately it doesn't play nice when an application was explicitly filtered out because a user was not granted access to it! This PR will no longer filter applications but rather include them in the permission with _no_ authorizations. It only applies when `allowAccessToUnknownApplications` is enabled. ``` [ { "name": "clouddriver", "authorizations": [ "READ", "WRITE" ] }, { "name": "orca", "authorizations": [ ] } ] ``` vs ``` [ { "name": "clouddriver", "authorizations": [ "READ", "WRITE" ] } ] ```
feat(api): FiatPermissionEvaluator reliablity (spinnaker#254) Adds retry support for calls to fiat in FiatPermissionEvaluator Invalidates cached users if they contain legacyFallback permissions
feat(api): Allow `admin` to access any resource regardless of permiss… …ion (spinnaker#253)
feat(roles): Adding dynomite support (spinnaker#249) Also fixes a bug that failed to revoke roles during put operations.
feat(metrics): Enable the `OkHttpMetricsInterceptor` for `FiatService` ( spinnaker#251)
feat(core): Support allowing default access to all unknown applications An unknown application is one that does not have explicitly specified permissions. It may exist in `front50` or it may not. Can be enabled by `fiat.allowAccessToUnknownApplications: true`.
chore(dependencies): spinnaker-dependencies to 0.161.6 (spinnaker#246)
fix(roles): Introduce cache / short refresh around clouddriver calls (s… …pinnaker#243) Cuts down on the number of calls to clouddriver for metadata that does not change all that frequently. Noticed a fairly high volume of calls falling through from x509 authentication attempts, more than seemed reasonable.
PreviousNext