disallow service account overwrite when namespace overwrite is not supplied (!1123) · Merge requests · GitLab.org / gitlab-runner

David Schile requested to merge bajacondor/gitlab-runner:restrict-service-account-overwrite into main Dec 27, 2018

What does this MR do?

When service account overwrite is requested by user, Make sure namespace overwrite has also been specified.

Why was this MR needed?

There is a security risk when users can specify a serviceaccount in the default CI namespace. Using a service account in the default namespace (such as the serviceaccount used to run the executor) could disrupt other teams using the default CI namespace.

Are there points in the code the reviewer needs to double check?

Does this MR meet the acceptance criteria?

Documentation created/updated
Added tests for this feature/bug
In case of conflicts with master - branch was rebased

disallow service account overwrite when namespace overwrite is not supplied

What does this MR do?

Why was this MR needed?

Are there points in the code the reviewer needs to double check?

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Merge request reports