Skip to content
This repository has been archived by the owner on Mar 7, 2024. It is now read-only.

Commit

Permalink
Disabled email check in TenantRequest
Browse files Browse the repository at this point in the history 
TenantRequest object can't be created by an authenticated user (API returns 403)
When using an admin account this code won't allow the creation as the email of the admin != email of user
TOFIX: User should have proper permissions
  • Loading branch information
@cscognamiglio
cscognamiglio authored Feb 7, 2024
1 parent 9378138 commit 20340d5
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions pkg/admissioncontrol/webhook.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -319,12 +319,15 @@ func (wh *Webhook) validateTenantRequest(w http.ResponseWriter, r *http.Request)
}
}

if admissionReviewRequest.Request.UserInfo.Username != tenantrequest.Spec.Contact.Email {
admissionResponse.Allowed = false
admissionResponse.Result = &metav1.Status{
Message: "username, which is an email address, and contact email address must be the same",
}
}
// TenantRequest object can't be created by an tuhenticated user (API returns 403)
// When using an admin account this code won't allow the creation as the email of the admin != email of user
// TOFIX: User should have proper permissions
//if admissionReviewRequest.Request.UserInfo.Username != tenantrequest.Spec.Contact.Email {
// admissionResponse.Allowed = false
// admissionResponse.Result = &metav1.Status{
// Message: "username, which is an email address, and contact email address must be the same",
// }
//}

var admissionReviewResponse admissionv1.AdmissionReview
admissionReviewResponse.Response = admissionResponse
Expand Down

0 comments on commit 20340d5

Please sign in to comment.