ContainerImage.Pinniped/deploy
Monis Khan 898f2bf942
impersonator: run as a distinct SA with minimal permissions
This change updates the impersonation proxy code to run as a
distinct service account that only has permission to impersonate
identities.  Thus any future vulnerability that causes the
impersonation headers to be dropped will fail closed instead of
escalating to the concierge's default service account which has
significantly more permissions.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-06-11 12:13:53 -04:00
..
concierge impersonator: run as a distinct SA with minimal permissions 2021-06-11 12:13:53 -04:00
local-user-authenticator fix a typo in some comments 2021-03-22 09:34:58 -07:00
supervisor Default groupSearch.attributes.groupName to "dn" instead of "cn" 2021-05-28 13:27:11 -07:00