Skip to content

Commit

Permalink
Harden pipeline pull-request promotions security documentation and re…
Browse files Browse the repository at this point in the history
…commendations (weaveworks#3540)

* extending token protection

* extending security section for pull requests with greater e2e detail and verification

* updated review token point and typos along the document fixed

* WIP tweak language (squash into previous)

This is Eneko and Michael going through together and refining some of the points.

* added policy snippets for each of the mentioned policies to provide more guidance to users.

* More WIP tweaking

* updated to use good practices policy library resources

* Refactored policy section adding link to policy library for both rbac good practices and workload escalation.

* using policy config for pipeline ns workload escalation

* added policy config for managing exclusions and workload escalation paths

* Accepted review suggestion

Co-authored-by: Michael Bridgen <[email protected]>

* Added HMAC link for better understanding

Co-authored-by: Michael Bridgen <[email protected]>

* typo fixed

Co-authored-by: Michael Bridgen <[email protected]>

* rewording for more natural reading

Co-authored-by: Michael Bridgen <[email protected]>

* updated verify security resources to use main branch after PR was merged

* Review rewording to enhance readability and understanding.

Co-authored-by: Michael Bridgen <[email protected]>

* added info on what to do when there is no direct access to the policy library by a customer.

* allow-flux policyconfig aligned after policy library review

* backport to the latest release

---------

Co-authored-by: Michael Bridgen <[email protected]>
  • Loading branch information
enekofb and squaremo authored Aug 3, 2023
1 parent 66087ab commit 4953c55
Show file tree
Hide file tree
Showing 4 changed files with 528 additions and 176 deletions.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading

0 comments on commit 4953c55

Please sign in to comment.