
Duplicate RBAC entries for the `namespaces` resource

Open lindhe opened this issue 2 years ago • 0 comments

Describe the bug

There exist duplicate entries for the namespace resource in the trident-operator ClusterRole:

https://github.com/NetApp/trident/blob/ee2d9743551c82635d411da878389ffbd9f5f655/helm/trident-operator/templates/clusterrole.yaml#L10-L16

https://github.com/NetApp/trident/blob/ee2d9743551c82635d411da878389ffbd9f5f655/helm/trident-operator/templates/clusterrole.yaml#L244-L250

This makes it harder than necessary to review what permissions are granted to the application.

Expected behavior

Instead of having one rule for get and list and one rule for create and patch, I would have expected there to be only one rule for all four verbs:

```yaml
- apiGroups:
    - ""
  resources:
    - namespaces
  verbs:
    - get
    - list
    - create
    - patch
```

Additional context

Note that there are other rules which may seem to also be duplicates, like podsecuritypolicies and securitycontextconstraints. These, however, do actually differ since they have specified resourceNames for each "duplicate" entry!

lindhe avatar Jul 05 '23 11:07 lindhe
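
One way to check a ClusterRole for rules that are split as the issue describes, as an added example that is not part of the original issue or the Trident project's code: rules are grouped by everything except their verbs, so the two `namespaces` rules merge while rules with different `resourceNames` stay separate. The sample rules and the `resourceNames` values are constructed placeholders, and `rule_key` and `merge_rules` are hypothetical helper names.

```python
# Constructed sample rules modelled on the issue: two namespaces rules that
# differ only in verbs, plus two rules that differ only in resourceNames.
# The resourceNames values are placeholders, not taken from the chart.
RULES = [
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get", "list"]},
    {"apiGroups": ["policy"], "resources": ["podsecuritypolicies"],
     "resourceNames": ["example-a"], "verbs": ["use"]},
    {"apiGroups": ["policy"], "resources": ["podsecuritypolicies"],
     "resourceNames": ["example-b"], "verbs": ["use"]},
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["create", "patch"]},
]


def rule_key(rule):
    """Identity of a rule's target: every field except the verbs."""
    return (
        frozenset(rule.get("apiGroups", [])),
        frozenset(rule.get("resources", [])),
        frozenset(rule.get("resourceNames", [])),
        frozenset(rule.get("nonResourceURLs", [])),
    )


def merge_rules(rules):
    """Merge rules with identical targets; return (merged, duplicate_keys)."""
    merged, duplicates = {}, []
    for rule in rules:
        key = rule_key(rule)
        if key in merged:
            if key not in duplicates:
                duplicates.append(key)
            # RBAC rules are additive, so the union of verbs is equivalent.
            verbs = merged[key]["verbs"]
            verbs.extend(v for v in rule["verbs"] if v not in verbs)
        else:
            merged[key] = {**rule, "verbs": list(rule["verbs"])}
    return list(merged.values()), duplicates


if __name__ == "__main__":
    merged, dups = merge_rules(RULES)
    for key in dups:
        print("split across several rules:", sorted(key[1]))
    for rule in merged:
        print(rule)
```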