Mirror of https://github.com/open-cluster-management-io/ocm.git, synced 2026-05-06 17:27:08 +00:00
This commit fixes a security vulnerability where the ManifestWork validating webhook was not passing the UserInfo.Extra field when constructing SubjectAccessReview (SAR) requests. This omission could lead to authorization bypass when external authorization policies rely on Extra fields (e.g., OIDC claims, department attributes).

The fix adds Extra field conversion logic consistent with the ManagedCluster webhook implementation and includes comprehensive test coverage to verify the Extra field is properly propagated.

Fixes #1425

🤖 Assisted by Claude Code

Signed-off-by: zhujian <jiazhu@redhat.com>
Co-authored-by: zhujian <jiazhu@redhat.com>
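The defect the commit message describes, shown as an added example that is not the project's own code: a webhook copies the caller's identity from the admission request into a SubjectAccessReview, and the pre-fix shape drops `Extra` while the fixed shape converts it key by key. The types below are local stand-ins for the shapes of `authenticationv1.UserInfo`/`ExtraValue` and `authorizationv1.SubjectAccessReviewSpec`/`ExtraValue` (which are distinct named types over `[]string`, hence the per-key conversion) so the file runs without the k8s.io modules; `toyPolicy`, the `example.com/department` attribute and `sampleUser` are constructed for the example. Whether dropping `Extra` produces a spurious deny or a spurious allow depends on the external policy; the example only shows that the authorizer's decision changes when the subject it sees is incomplete, and that the propagation invariant is what a unit test should assert.

```go
package main

import (
	"fmt"
	"reflect"
)

// Stand-ins for the Kubernetes API types (assumption: they mirror the shapes of
// authenticationv1.ExtraValue and authorizationv1.ExtraValue, which are distinct
// named types with the same underlying []string).
type AuthnExtraValue []string
type AuthzExtraValue []string

// UserInfo is what the admission request carries about the caller.
type UserInfo struct {
	Username string
	UID      string
	Groups   []string
	Extra    map[string]AuthnExtraValue
}

// SARSpec is the subject part of the SubjectAccessReview the webhook sends to
// the authorizer; resource attributes are omitted since only the subject matters.
type SARSpec struct {
	User   string
	UID    string
	Groups []string
	Extra  map[string]AuthzExtraValue
}

// buildSARBefore reproduces the defect: username, UID and groups are copied,
// Extra is silently dropped.
func buildSARBefore(u UserInfo) SARSpec {
	return SARSpec{
		User:   u.Username,
		UID:    u.UID,
		Groups: append([]string(nil), u.Groups...),
	}
}

// convertExtra copies each authentication ExtraValue into the authorization
// type. A per-key conversion is needed because the two types are distinct.
func convertExtra(in map[string]AuthnExtraValue) map[string]AuthzExtraValue {
	if in == nil {
		return nil
	}
	out := make(map[string]AuthzExtraValue, len(in))
	for k, v := range in {
		out[k] = AuthzExtraValue(append([]string(nil), v...))
	}
	return out
}

// buildSARAfter is the fixed shape: the full subject, Extra included.
func buildSARAfter(u UserInfo) SARSpec {
	s := buildSARBefore(u)
	s.Extra = convertExtra(u.Extra)
	return s
}

// extraPropagated is the invariant a unit test should assert: every key and
// value the authenticator attached to the caller reaches the SAR unchanged.
func extraPropagated(u UserInfo, s SARSpec) bool {
	if len(u.Extra) != len(s.Extra) {
		return false
	}
	for k, v := range u.Extra {
		if !reflect.DeepEqual([]string(v), []string(s.Extra[k])) {
			return false
		}
	}
	return true
}

// toyPolicy is a constructed stand-in for an external authorizer whose answer
// depends on an Extra attribute (the hypothetical "example.com/department").
func toyPolicy(s SARSpec) bool {
	for _, d := range s.Extra["example.com/department"] {
		if d == "platform" {
			return true
		}
	}
	return false
}

// decisions returns the toy authorizer's verdict for the same caller when the
// SAR is built before and after the fix.
func decisions(u UserInfo) (before, after bool) {
	return toyPolicy(buildSARBefore(u)), toyPolicy(buildSARAfter(u))
}

// sampleUser is constructed input: an OIDC-authenticated caller whose
// department claim arrives as an Extra attribute.
func sampleUser() UserInfo {
	return UserInfo{
		Username: "alice@example.com",
		UID:      "1234",
		Groups:   []string{"system:authenticated"},
		Extra:    map[string]AuthnExtraValue{"example.com/department": {"platform"}},
	}
}

func main() {
	u := sampleUser()
	before, after := decisions(u)
	fmt.Printf("before fix: allowed=%v extraPropagated=%v\n", before, extraPropagated(u, buildSARBefore(u)))
	fmt.Printf("after fix:  allowed=%v extraPropagated=%v\n", after, extraPropagated(u, buildSARAfter(u)))
}
```

The `extraPropagated` check is the test worth keeping regardless of policy: it compares the SAR subject against the admission request's `UserInfo` field by field, so a future refactor that drops `Extra` again (or any other subject field added the same way) fails the unit test rather than silently changing what the external authorizer sees.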