Skip to content

Auth: Merge variable denylists and protections from multiple roles#1302

Merged
nilmerg merged 1 commit intomainfrom
change-variable-restrictions
Nov 19, 2025
Merged

Auth: Merge variable denylists and protections from multiple roles#1302
nilmerg merged 1 commit intomainfrom
change-variable-restrictions

Conversation

@nilmerg
Copy link
Member

@nilmerg nilmerg commented Nov 14, 2025

No description provided.

@nilmerg nilmerg added this to the 1.3.0 milestone Nov 14, 2025
@nilmerg nilmerg requested a review from lippserd November 14, 2025 13:35
@nilmerg nilmerg self-assigned this Nov 14, 2025
@cla-bot cla-bot bot added the cla/signed CLA is signed by all contributors of a PR label Nov 14, 2025
@nilmerg nilmerg added affects-upgrades The change requires migration or user awareness area/access-control Affects the authorization of users and removed cla/signed CLA is signed by all contributors of a PR labels Nov 14, 2025
@nilmerg nilmerg force-pushed the change-variable-restrictions branch from 22e1aef to c3227b5 Compare November 18, 2025 12:11
@cla-bot cla-bot bot added the cla/signed CLA is signed by all contributors of a PR label Nov 18, 2025
lippserd
lippserd approved these changes Nov 18, 2025
View reviewed changes
Copy link
Member

@lippserd lippserd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Roughly tested several roles mixing variables with denylist and protect with and without placeholders, as well as restrictions using these variables. Everything worked as expected. And you were right, I was mistaken about the functionality we introduced in the security release.

BastianLedererIcinga
BastianLedererIcinga approved these changes Nov 19, 2025
View reviewed changes
Copy link
Contributor

@BastianLedererIcinga BastianLedererIcinga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tried mixing roles with different denied and protected vars, including inherited roles. Worked as described in the docs in every case.

@nilmerg nilmerg merged commit 2590556 into main Nov 19, 2025
10 checks passed
@nilmerg nilmerg deleted the change-variable-restrictions branch November 19, 2025 07:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lippserd lippserd lippserd approved these changes

@BastianLedererIcinga BastianLedererIcinga BastianLedererIcinga approved these changes

Assignees

@nilmerg nilmerg

Labels

affects-upgrades The change requires migration or user awareness area/access-control Affects the authorization of users cla/signed CLA is signed by all contributors of a PR

Projects

None yet

Milestone

1.3.0

Development

Successfully merging this pull request may close these issues.

3 participants

@nilmerg @lippserd @BastianLedererIcinga