RBAC audit #951

Open
andrewazores opened this issue Sep 13, 2024 · 1 comment
Labels
chore Refactor, rename, cleanup, etc.

Comments

@andrewazores

ex.

The RBAC verbs should be explicitly listed out for each permission, rather than wildcarded.

@andrewazores andrewazores added the chore Refactor, rename, cleanup, etc. label Sep 13, 2024
@andrewazores andrewazores moved this to Backlog in 4.0.0 release Sep 13, 2024
@ebaron

ebaron commented Sep 13, 2024

I think there are also some unused permissions. I don't think we need oauthaccesstokens or selfsubjectaccessreviews for the OAuth Proxy.

@andrewazores andrewazores changed the title RBAC definitions should avoid wildcards, list all verbs RBAC audit Sep 13, 2024
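
A check for the two points raised in this thread, as an added example that is not code from this project: it reads a Role or ClusterRole manifest as JSON, reports every rule whose verbs include the `*` wildcard, and flags any resource on a caller-supplied review list. The names `AuditRole`, `sampleRole` and `example-role`, and the manifest contents, are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Role holds the fields of a Role or ClusterRole manifest that the audit reads.
type Role struct {
	Kind     string                                 `json:"kind"`
	Metadata struct{ Name string `json:"name"` } `json:"metadata"`
	Rules    []struct {
		Resources []string `json:"resources"`
		Verbs     []string `json:"verbs"`
	} `json:"rules"`
}

// sampleRole is a constructed manifest, not taken from the project.
const sampleRole = `{"kind": "ClusterRole", "metadata": {"name": "example-role"}, "rules": [
  {"apiGroups": [""], "resources": ["pods", "services"], "verbs": ["*"]},
  {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["oauth.openshift.io"], "resources": ["oauthaccesstokens"], "verbs": ["list"]},
  {"apiGroups": ["authorization.k8s.io"], "resources": ["selfsubjectaccessreviews"], "verbs": ["create"]}]}`

// AuditRole reports each wildcard verb and each granted resource that is on the review list.
func AuditRole(manifest []byte, review map[string]bool) ([]string, error) {
	var r Role
	if err := json.Unmarshal(manifest, &r); err != nil {
		return nil, fmt.Errorf("parse manifest: %w", err)
	}
	var findings []string
	for i, rule := range r.Rules {
		where := fmt.Sprintf("%s/%s rule %d", r.Kind, r.Metadata.Name, i)
		for _, v := range rule.Verbs {
			if v == "*" {
				findings = append(findings, fmt.Sprintf("%s: wildcard verb on %v", where, rule.Resources))
			}
		}
		for _, res := range rule.Resources {
			if review[res] {
				findings = append(findings, fmt.Sprintf("%s: grants %s, confirm it is used", where, res))
			}
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(AuditRole([]byte(sampleRole), map[string]bool{"oauthaccesstokens": true, "selfsubjectaccessreviews": true}))
}
```

Run against the JSON form of each generated role, this can serve as a CI gate so that wildcard verbs do not return after the audit.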