curve-csi
Helm Chart: Unnecessary RBAC permissions
### Description
The bug is that the Deployment `csi-curve-plugin-provisioner` and the DaemonSet `csi-curve-plugin` in the charts are granted more RBAC permissions than they need. The service account of `csi-curve-plugin-provisioner` is bound to a ClusterRole (controller-rbac.yaml#L12) with the following permissions:
- `list` verb of `secrets` resource (ClusterRole)
The service account of `csi-curve-plugin` is bound to a ClusterRole (node-rbac.yaml#L12) with the following permissions:
- `update` verb of `nodes` resource (ClusterRole)
After reading the source code of curvecsi/curve-csi, sig-storage/csi-node-driver-registrar, etc., I didn't find any Kubernetes API usage that needs these permissions. Besides, some of these unused permissions carry potential risks. For example, if malicious users gain control of a Kubernetes node running a `csi-curve-plugin-provisioner` pod, they can list the names of all secrets, and with those names they can get the details of all secret objects (since the permission is declared in a ClusterRole, it is cluster-wide rather than limited to one namespace).

Therefore, these permissions should be rechecked to determine whether they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permissions or by other feasible methods.
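The check described above can be automated against a running cluster. The script below is an added example, not code from the curve-csi project: it audits ClusterRole objects in the JSON that `kubectl get clusterrole -o json` prints, flags broad verbs on `secrets` and `nodes` (the two findings in this issue, with the sensitive-verb policy being an assumption of the example), and produces a remediated copy with those verbs removed. The ClusterRole names and rules in the embedded sample are constructed to mirror the issue and are not the chart's real manifests.

```python
"""Audit ClusterRoles for broad verbs on sensitive resources and strip them.

Added example for the curve-csi RBAC issue; the policy table and the sample
input are constructed assumptions, not the project's own chart contents.
"""
import json

# (apiGroup, resource) -> verbs that deserve review when granted cluster-wide.
# Assumed policy for this example: list/get/watch on secrets exposes every
# secret in the cluster; update/patch on nodes lets a pod rewrite node objects.
SENSITIVE = {
    ("", "secrets"): {"get", "list", "watch"},
    ("", "nodes"): {"update", "patch"},
}


def _matches(rule_values, wanted):
    """True if an RBAC rule field grants `wanted` explicitly or via '*'."""
    return "*" in rule_values or wanted in rule_values


def audit_clusterrole(role: dict) -> list:
    """Return (role name, resource, flagged verbs) for every risky grant."""
    findings = []
    name = role.get("metadata", {}).get("name", "<unnamed>")
    for rule in role.get("rules", []):
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        verbs = rule.get("verbs", [])
        for (group, resource), risky in SENSITIVE.items():
            if not (_matches(groups, group) and _matches(resources, resource)):
                continue
            hit = sorted(v for v in risky if _matches(verbs, v))
            if hit:
                findings.append((name, resource, hit))
    return findings


def load_clusterroles(kubectl_json: str) -> list:
    """Accept either a single ClusterRole or the List that kubectl emits."""
    doc = json.loads(kubectl_json)
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    return [item for item in items if item.get("kind") == "ClusterRole"]


def audit_list(kubectl_json: str) -> list:
    findings = []
    for role in load_clusterroles(kubectl_json):
        findings.extend(audit_clusterrole(role))
    return findings


def remove_sensitive_verbs(role: dict) -> dict:
    """Copy of `role` with flagged verbs removed (the fix the issue proposes).

    Only single-group, single-resource rules are rewritten: pruning verbs from
    a rule that bundles several resources would change more than the finding.
    A wildcard '*' verb is deliberately left alone so the audit keeps flagging
    it for manual review; rules left with no verbs are dropped entirely.
    """
    fixed = json.loads(json.dumps(role))  # deep copy, no shared lists
    kept = []
    for rule in fixed.get("rules", []):
        groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
        risky = None
        if len(groups) == 1 and len(resources) == 1:
            risky = SENSITIVE.get((groups[0], resources[0]))
        if risky:
            rule["verbs"] = [v for v in rule.get("verbs", []) if v not in risky]
            if not rule["verbs"]:
                continue
        kept.append(rule)
    fixed["rules"] = kept
    return fixed


def remediate_list(kubectl_json: str) -> str:
    """Remediate every ClusterRole in the input and return a JSON List."""
    items = [remove_sensitive_verbs(r) for r in load_clusterroles(kubectl_json)]
    return json.dumps({"apiVersion": "v1", "kind": "List", "items": items})


# Constructed sample in `kubectl get clusterrole -o json` shape; the names and
# rules are placeholders modelled on the issue, not the real chart.
SAMPLE_KUBECTL_OUTPUT = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
         "metadata": {"name": "example-provisioner-role"},
         "rules": [
             {"apiGroups": [""], "resources": ["persistentvolumes"],
              "verbs": ["get", "list", "watch", "create", "delete"]},
             {"apiGroups": [""], "resources": ["secrets"], "verbs": ["list"]},
         ]},
        {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
         "metadata": {"name": "example-node-role"},
         "rules": [
             {"apiGroups": [""], "resources": ["nodes"],
              "verbs": ["get", "update"]},
         ]},
    ],
})

if __name__ == "__main__":
    for name, resource, verbs in audit_list(SAMPLE_KUBECTL_OUTPUT):
        print(f"{name}: {', '.join(verbs)} on {resource}")
    print("after remediation:", audit_list(remediate_list(SAMPLE_KUBECTL_OUTPUT)))
```

To run it against a real cluster, pipe `kubectl get clusterrole -o json` into `audit_list`; the remediated output is meant to be reviewed and applied to the chart templates rather than applied to the cluster directly, since the chart is the source of truth for these roles.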
### To Reproduce
Use the helm chart with default values.