Skip to content

feat: Add support for impersonation --as and --as-group flags #35240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 4, 2024
Merged

feat: Add support for impersonation --as and --as-group flags #35240

merged 1 commit into from
Nov 4, 2024

Conversation

cnmcavoy
Copy link
Contributor

@cnmcavoy cnmcavoy commented Oct 4, 2024

Please ensure your pull request adheres to the following guidelines:

  • For first time contributors, read Submitting a pull request
  • All code is covered by unit and/or runtime tests where feasible.
  • All commits contain a well written commit description including a title,
    description and a Fixes: #XXX line if the commit addresses a particular
    GitHub issue.
  • If your commit description contains a Fixes: <commit-id> tag, then
    please add the commit author[s] as reviewer[s] to this issue.
  • All commits are signed off. See the section Developer’s Certificate of Origin
  • Provide a title or release-note blurb suitable for the release notes.
  • Are you a user of Cilium? Please add yourself to the Users doc
  • Thanks for contributing!

We use impersonation as cluster admins to elevate access to customer secrets and certain resources, and kubectl supports this with the --as or --as-group flags. Currently to use the cilium cli tool, we have to hand edit our kubeconfig to add as: for our user, and then remember to remove it afterwords. Supporting impersonation directly in the Cilium cli tooling would make it much safer for us and align cilium with other kubectl flags.

Note: previously implemented and reviewed over in the cilium/cilium-cli: cilium/cilium-cli#2696

Fixes: N/A

Add cli support for impersonation --as and --as-group flags

@cnmcavoy cnmcavoy requested review from a team as code owners October 4, 2024 17:35
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Oct 4, 2024
@github-actions github-actions bot added cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary kind/community-contribution This was a contribution made by a community member. labels Oct 4, 2024
@cnmcavoy cnmcavoy mentioned this pull request Oct 4, 2024
Closed
@nebril nebril added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Oct 7, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Oct 7, 2024
giorio94
giorio94 reviewed Oct 9, 2024
View reviewed changes
@cnmcavoy cnmcavoy force-pushed the cmcavoy/impersonation branch from 394be98 to beaf5be Compare October 9, 2024 17:30
@cnmcavoy cnmcavoy requested a review from giorio94 October 9, 2024 17:34
giorio94
giorio94 reviewed Oct 10, 2024
View reviewed changes
@cnmcavoy cnmcavoy force-pushed the cmcavoy/impersonation branch from beaf5be to ebb0c99 Compare October 11, 2024 17:43
@cnmcavoy cnmcavoy requested a review from giorio94 October 11, 2024 17:44
giorio94
giorio94 approved these changes Oct 14, 2024
View reviewed changes
Copy link
Member

@giorio94 giorio94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@giorio94
Copy link
Member

/test

@aanm
Copy link
Member

aanm commented Oct 21, 2024

@cnmcavoy it needs a rebase.

@derailed
Copy link
Contributor

@cnmcavoy It looks like we have some conflicts. Could you take a peek? Thank you!

@cnmcavoy
feat: Add support for impersonation --as and --as-group flags
15b9be4 
Signed-off-by: Cameron McAvoy <cmcavoy@indeed.com>
@cnmcavoy cnmcavoy force-pushed the cmcavoy/impersonation branch from ebb0c99 to 15b9be4 Compare October 30, 2024 21:52
@giorio94
Copy link
Member

/test

@aanm aanm enabled auto-merge November 4, 2024 10:28
@aanm aanm added this pull request to the merge queue Nov 4, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Nov 4, 2024
Merged via the queue into cilium:main with commit 8f81a04 Nov 4, 2024
63 checks passed
@github-actions github-actions bot mentioned this pull request Dec 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nathanjsweet nathanjsweet nathanjsweet approved these changes

@nebril nebril nebril approved these changes

@giorio94 giorio94 giorio94 approved these changes

Assignees
No one assigned
Labels
cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary kind/community-contribution This was a contribution made by a community member. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@cnmcavoy @giorio94 @aanm @derailed @nathanjsweet @nebril