krane icon indicating copy to clipboard operation
krane copied to clipboard

Published 20 hours ago verified publisher icon appvia

apiGroup is not being taken into account

Open kplimack opened this issue 4 years ago • 1 comments

Screen Shot 2020-07-13 at 10 38 29 AM As you can see here, `collins-operator` is purported to have "GET ALL IN ALL NAMESPACES", but if you look at the policy in question (below), you'll see that it actually has limited scope. 

rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - metal3.io
  resources:
  - '*'
  verbs:
  - get
  - create
  - list

kplimack avatar Jul 13 '20 16:07 kplimack

Hi @kplimack. Thanks for logging the issue above. We'll look into that.

marcinc avatar Jul 14 '20 16:07 marcinc