disallow service account overwrite when namespace overwrite is not supplied
What does this MR do?
When service account overwrite is requested by user, Make sure namespace overwrite has also been specified.
Why was this MR needed?
There is a security risk when users can specify a serviceaccount in the default CI namespace. Using a service account in the default namespace (such as the serviceaccount used to run the executor) could disrupt other teams using the default CI namespace.
Are there points in the code the reviewer needs to double check?
Does this MR meet the acceptance criteria?
- Documentation created/updated
- Added tests for this feature/bug
-
In case of conflicts with
master- branch was rebased