Describe the bug
There exists duplicate entries for the namespace resource in the trident-operator ClusterRole:
|
- apiGroups: |
|
- "" |
|
resources: |
|
- namespaces |
|
verbs: |
|
- get |
|
- list |
|
- apiGroups: |
|
- "" |
|
resources: |
|
- namespaces |
|
verbs: |
|
- create |
|
- patch |
This makes it harder than necessary to review what permissions are granted to the application.
Expected behavior
Instead of having one rule for get and list and one rule for create and patch, I would have expected there to be only one rule for all four verbs:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- create
- patch Additional context
Note that there are other rules which may seem to also be duplicates, like podsecuritypolicies and securitycontextconstraints. These, however, do actually differ since they have specified resourceNames for each "duplicate" entry!
Describe the bug
There exists duplicate entries for the
namespaceresource in thetrident-operatorClusterRole:trident/helm/trident-operator/templates/clusterrole.yaml
Lines 10 to 16 in ee2d974
trident/helm/trident-operator/templates/clusterrole.yaml
Lines 244 to 250 in ee2d974
This makes it harder than necessary to review what permissions are granted to the application.
Expected behavior
Instead of having one rule for
getandlistand one rule forcreateandpatch, I would have expected there to be only one rule for all four verbs:Additional context
Note that there are other rules which may seem to also be duplicates, like
podsecuritypoliciesandsecuritycontextconstraints. These, however, do actually differ since they have specifiedresourceNamesfor each "duplicate" entry!