# See the OWNERS docs at https://go.k8s.io/owners

# approval on api packages bubbles to api-approvers
reviewers:
  - sig-apps-reviewers
  - sig-auth-policy-approvers
  - sig-auth-policy-reviewers
labels:
  - sig/auth

# See the OWNERS docs at https://go.k8s.io/owners

options:
  # make root approval non-recursive
  no_parent_owners: true
reviewers:
  - aojea
  - bentheelder
  - cheftako
  - dims
  - justaugustus
  - liggitt
  - wojtek-t
approvers:
  - aojea
  - bentheelder
  - cheftako
  - dims
  - liggitt
  - wojtek-t
emeritus_approvers:
  - mikedanese
  - spiffxp
  - eparis
  - roberthbailey # 2019-03-08

# See the OWNERS docs at https://go.k8s.io/owners

options:
  # make root approval non-recursive
  no_parent_owners: true
reviewers:
  - alisondy
  - cblecker
  - guineveresaenger
  - mrbobbytables
  - nikhita
  - parispittman
  - palnabarun
  - kaslin
  - MadhavJivrajani
  - Priyankasaggu11929
approvers:
  - sig-contributor-experience-approvers
  - parispittman
emeritus_approvers:
  - castrojo
  - Phillels

# See the OWNERS docs at https://go.k8s.io/owners

# approval on api packages bubbles to api-approvers
reviewers:
  - sig-apps-api-reviewers
  - sig-apps-api-approvers
  - sig-auth-policy-approvers
  - sig-auth-policy-reviewers
labels:
  - sig/auth

oauth2:
  # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
  responseTypes: [ "code", "token", "id_token" ] # also allowed are "token" and "id_token"
  # By default, Dex will ask for approval to share data with application
  # (approval for sharing data from connected IdP to Dex is separate process on IdP)
  skipApprovalScreen: false
  # If only one authentication method is enabled, the default behavior is to

# See the OWNERS docs at https://go.k8s.io/owners

options:
  # make root approval non-recursive
  no_parent_owners: true
reviewers:
  - bentheelder
  - cblecker
  - dchen1107
  - hwdef
  - justaugustus
  - liggitt
  - mikedanese
  - pohly
  - SataQiu
  - smarterclayton
  - spiffxp
  - sttts
  - thockin
  - wojtek-t
approvers:
  - bentheelder
  - cblecker
  - dchen1107
  - deads2k

# See the OWNERS docs at https://go.k8s.io/owners

options:
  # make root approval non-recursive
  no_parent_owners: true
approvers:
  - release-engineering-approvers
  - release-managers
  - AuraSinis # 1.24 Release Notes Lead
  - cici37 # 1.23 Release Notes Lead
  - csantanapr # 1.25 Release Notes Lead
  - harshanarayana # 1.27 Release Notes Lead
  - ramrodo # 1.26 Release Notes Lead
  - sanchita-07 # 1.28 Release Notes Lead

	return r.store.ConvertToTable(ctx, object, tableOptions)
}

var _ = rest.Patcher(&StatusREST{})

// ApprovalREST implements the REST endpoint for changing the approval state of a CSR.
type ApprovalREST struct {
	store *genericregistry.Store
}

// New creates a new CertificateSigningRequest object.
func (r *ApprovalREST) New() runtime.Object {

		approved, err := a.authorize(ctx, csr, r.permission)
		if err != nil {
			return err
		}
		if approved {
			appendApprovalCondition(csr, r.successMessage)
			_, err = a.client.CertificatesV1().CertificateSigningRequests().UpdateApproval(ctx, csr.Name, csr, metav1.UpdateOptions{})
			if err != nil {
				return fmt.Errorf("error updating approval for csr: %v", err)
			}
			return nil

1. Send an email to the SIG Architecture [mailing
   list](https://groups.google.com/forum/#!forum/kubernetes-sig-architecture)
   and the mailing list of the SIG which would own the repo requesting approval
   for creating the staging repository.

2. Once approval has been granted, create the new staging repository.

3. Update
   [`import-restrictions.yaml`](/staging/publishing/import-restrictions.yaml)