
Permissions Check for Custom Service Accounts

Open gambol99 opened this issue 2 years ago • 0 comments

Is your feature request related to a problem? Please describe.

Currently the RBAC provided in the Helm chart is geared around the user using the default terraform-system/terraform-executor service account. If they define another service account via a Provider CRD, they need to ensure the service account has the correct RBAC permissions. At the moment this isn't obvious and leads to errors.

Describe the solution you'd like

Short-term we can update the docs - a better solution would be to check the service account has the correct permission in the first place and work on the Provider CRD status.

Additional context

We could use a SubjectAccessReview to check the permissions of the service account and ensure it's fit for purpose.

gambol99, May 10 '23 15:05
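
An added example (not part of the original issue and not terranetes-controller code) of the SubjectAccessReview check suggested above, in Go with only the standard library: it builds the review body for a service account and reports which rules came back not allowed. The service account name `custom-executor`, the two rules and the hand-written API server answers are constructed for illustration, and the example assumes permissions are evaluated in the service account's own namespace; the rules the executor actually needs are not listed on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Rule is one permission to verify; the rules in main are constructed samples.
type Rule struct{ Group, Resource, Verb string }

// BuildReview returns the SubjectAccessReview body asking whether service
// account ns/name may perform r in namespace ns.
func BuildReview(ns, name string, r Rule) []byte {
	body, _ := json.Marshal(map[string]interface{}{
		"apiVersion": "authorization.k8s.io/v1",
		"kind":       "SubjectAccessReview",
		"spec": map[string]interface{}{
			"user": "system:serviceaccount:" + ns + ":" + name,
			// Groups a service account identity carries, so group bindings count too.
			"groups": []string{"system:serviceaccounts", "system:serviceaccounts:" + ns, "system:authenticated"},
			"resourceAttributes": map[string]string{
				"namespace": ns, "verb": r.Verb, "group": r.Group, "resource": r.Resource},
		},
	})
	return body
}

// Missing pairs each rule with the API server's answer and returns the rules
// not allowed. An absent or unparsable answer counts as not allowed (fail closed).
func Missing(rules []Rule, answers [][]byte) (missing []string) {
	for i, r := range rules {
		var rv struct {
			Status struct {
				Allowed bool `json:"allowed"`
			} `json:"status"`
		}
		if i >= len(answers) || json.Unmarshal(answers[i], &rv) != nil || !rv.Status.Allowed {
			missing = append(missing, fmt.Sprintf("%s %s (group %q)", r.Verb, r.Resource, r.Group))
		}
	}
	return missing
}

func main() {
	rules := []Rule{{"", "secrets", "create"}, {"coordination.k8s.io", "leases", "update"}}
	fmt.Println(string(BuildReview("terraform-system", "custom-executor", rules[0])))
	// Constructed answers standing in for the API server's responses.
	answers := [][]byte{[]byte(`{"status":{"allowed":true}}`), []byte(`{"status":{"allowed":false}}`)}
	fmt.Println(Missing(rules, answers))
}
```

Each body is sent as a POST to `/apis/authorization.k8s.io/v1/subjectaccessreviews` by an identity that is itself allowed to create SubjectAccessReviews; the list returned by `Missing` is what a status message on the Provider could report.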