Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce a feature flag for initial release to allow seamless upgrade experience #4563

Closed
DarshitChanpura opened this issue Jul 15, 2024 · 4 comments
Closed

Introduce a feature flag for initial release to allow seamless upgrade experience #4563

DarshitChanpura opened this issue Jul 15, 2024 · 4 comments
Labels
resource-permissions Label to track all items related to resource permissions triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@DarshitChanpura
Copy link
Member

DarshitChanpura commented Jul 15, 2024
edited
Loading

Description

Targeted for initial release, this task aims at introducing a feature flag for resource-permission evaluation. This feature flag plugins.security.resource_permissions.enabled should be assumed to be false for this initial version release, and will allow a smoother upgrade experience.
@DarshitChanpura DarshitChanpura mentioned this issue Jul 15, 2024
Open
4 tasks
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label Jul 15, 2024
@shikharj05
Copy link
Contributor

@DarshitChanpura I think instead of this being a binary flag, should this support different modes-

  1. Disabled - do not evaluate resource permissions
  2. Monitor/Permissive - log evaluation results but do not fail requests if resource permissions are lacking
  3. Enabled/enforced - fail requests if resource permission evaluation fails

Monitor/Permissive mode should allow for smoother migration modes for users. Thoughts?

@DarshitChanpura
Copy link
Member Author

aggreed. I have already expressed this on the proposal itself: #4500 (comment)

@stephen-crawford
Copy link
Contributor

[Triage] Hi @DarshitChanpura, thanks for filing this issue. This looks like it is a subtask for the linked meta so I will mark as triaged.

@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Jul 22, 2024
@DarshitChanpura DarshitChanpura added the resource-permissions Label to track all items related to resource permissions label Jul 23, 2024
@DarshitChanpura
Copy link
Member Author

Closing this in favor of new design which will be released under experimental flag.

@DarshitChanpura DarshitChanpura closed this as not planned Won't fix, can't repro, duplicate, stale Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
resource-permissions Label to track all items related to resource permissions triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shikharj05 @DarshitChanpura @stephen-crawford