github/open-cluster-management
1
0
Fork 0
mirror of https://github.com/open-cluster-management-io/ocm.git synced 2026-05-07 01:36:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
open-cluster-management/pkg/work/webhook
History
Jian Zhu 4f173e7ba7 🐛 fix: Propagate UserInfo.Extra field in ManifestWork webhook SAR (#1427) 
This commit fixes a security vulnerability where the ManifestWork
validating webhook was not passing the UserInfo.Extra field when
constructing SubjectAccessReview (SAR) requests. This omission could
lead to authorization bypass when external authorization policies
rely on Extra fields (e.g., OIDC claims, department attributes).

The fix adds Extra field conversion logic consistent with the
ManagedCluster webhook implementation and includes comprehensive
test coverage to verify the Extra field is properly propagated.

Fixes #1425

🤖 Assisted by Claude Code

Signed-off-by: zhujian <jiazhu@redhat.com>
2026-03-12 07:26:16 +00:00
..
common
Add duplicate manifest detection in ManifestWork webhook validation (#1310)
2026-01-19 06:09:25 +00:00
v1
🐛 fix: Propagate UserInfo.Extra field in ManifestWork webhook SAR (#1427)
2026-03-12 07:26:16 +00:00
v1alpha1
Bump kubernetes lib to 1.35 (#1414)
2026-03-08 11:01:58 +00:00
doc.go
Relocate pkgs. (#146)
2023-05-29 07:20:55 -04:00
option_test.go
Refactor webhook to use a common webhook option (#1096)
2025-07-29 07:38:59 +00:00
option.go
Refactor webhook to use a common webhook option (#1096)
2025-07-29 07:38:59 +00:00
start_test.go
Refactor webhook to use a common webhook option (#1096)
2025-07-29 07:38:59 +00:00
start.go
Refactor webhook to use a common webhook option (#1096)
2025-07-29 07:38:59 +00:00