# See the OWNERS docs at https://go.k8s.io/owners

# approval on api packages bubbles to api-approvers
reviewers:
  - sig-apps-reviewers
  - sig-auth-policy-approvers
  - sig-auth-policy-reviewers
labels:
  - sig/auth

# See the OWNERS docs at https://go.k8s.io/owners

options:
  # make root approval non-recursive
  no_parent_owners: true
reviewers:
  - aojea
  - bentheelder
  - cheftako
  - dims
  - justaugustus
  - liggitt
  - wojtek-t
approvers:
  - aojea
  - bentheelder
  - cheftako
  - dims
  - liggitt
  - wojtek-t
emeritus_approvers:
  - mikedanese
  - spiffxp
  - eparis
  - roberthbailey # 2019-03-08

# See the OWNERS docs at https://go.k8s.io/owners

# approval on api packages bubbles to api-approvers
reviewers:
  - sig-apps-api-reviewers
  - sig-apps-api-approvers
  - sig-auth-policy-approvers
  - sig-auth-policy-reviewers
labels:
  - sig/auth

# See the OWNERS docs at https://go.k8s.io/owners

options:
  # make root approval non-recursive
  no_parent_owners: true
reviewers:
  - alisondy
  - cblecker
  - guineveresaenger
  - mrbobbytables
  - nikhita
  - parispittman
  - palnabarun
  - kaslin
  - MadhavJivrajani
  - Priyankasaggu11929
approvers:
  - sig-contributor-experience-approvers
  - parispittman
emeritus_approvers:
  - castrojo
  - Phillels

aliases:
  # Note: sig-architecture-approvers has approval on root files (including go.mod/go.sum) until https://github.com/kubernetes/test-infra/pull/21398 is resolved.
  # People with approve rights via this alias should defer dependency update PRs to dep-approvers.
  sig-architecture-approvers:
    - dims
    - derekwaynecarr
    - johnbelamaric
  # sig-auth subproject aliases
  sig-auth-audit-approvers:
    - sttts
    - tallclair

oauth2:
  # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
  responseTypes: [ "code", "token", "id_token" ] # also allowed are "token" and "id_token"
  # By default, Dex will ask for approval to share data with application
  # (approval for sharing data from connected IdP to Dex is separate process on IdP)
  skipApprovalScreen: false
  # If only one authentication method is enabled, the default behavior is to

# See the OWNERS docs at https://go.k8s.io/owners

options:
  # make root approval non-recursive
  no_parent_owners: true
reviewers:
  - bentheelder
  - cblecker
  - dchen1107
  - hwdef
  - justaugustus
  - liggitt
  - mikedanese
  - pohly
  - SataQiu
  - smarterclayton
  - spiffxp
  - sttts
  - thockin
  - wojtek-t
approvers:
  - bentheelder
  - cblecker
  - dchen1107
  - deads2k

# See the OWNERS docs at https://go.k8s.io/owners

options:
  # make root approval non-recursive
  no_parent_owners: true
approvers:
  - release-engineering-approvers
  - release-managers
  - AuraSinis # 1.24 Release Notes Lead
  - cici37 # 1.23 Release Notes Lead
  - csantanapr # 1.25 Release Notes Lead
  - harshanarayana # 1.27 Release Notes Lead
  - ramrodo # 1.26 Release Notes Lead
  - sanchita-07 # 1.28 Release Notes Lead

	return r.store.ConvertToTable(ctx, object, tableOptions)
}

var _ = rest.Patcher(&StatusREST{})

// ApprovalREST implements the REST endpoint for changing the approval state of a CSR.
type ApprovalREST struct {
	store *genericregistry.Store
}

// New creates a new CertificateSigningRequest object.
func (r *ApprovalREST) New() runtime.Object {

		approved, err := a.authorize(ctx, csr, r.permission)
		if err != nil {
			return err
		}
		if approved {
			appendApprovalCondition(csr, r.successMessage)
			_, err = a.client.CertificatesV1().CertificateSigningRequests().UpdateApproval(ctx, csr.Name, csr, metav1.UpdateOptions{})
			if err != nil {
				return fmt.Errorf("error updating approval for csr: %v", err)
			}
			return nil