You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PR #6031 (fix(security): gitops RBAC, exec session lifecycle, auth header fallback) was merged with 2 Copilot review comment(s) that should be addressed in a follow-up:
pkg/api/handlers/exec.go:393: There is a race window where an exec session can outlive logout: the execCancel registration happens only after init parsing and k8s/executor setup. If the user logs out after JWT validation but befor...
pkg/api/handlers/gitops_test.go:148: RBAC tests for mutating GitOps endpoints don’t include POST /api/gitops/argocd/sync, even though TriggerArgoSync is now gated by requireEditorOrAdmin (bug: gitops endpoints allow non-admin users to perform cluster mutations #6022). Adding an argocd-sync entry to gitopsMuta...
Copilot Review Comments
PR #6031 (fix(security): gitops RBAC, exec session lifecycle, auth header fallback) was merged with 2 Copilot review comment(s) that should be addressed in a follow-up:
PR: #6031
Auto-generated by copilot-comment-followup workflow