This repository has been archived by the owner on Dec 21, 2023. It is now read-only.

Service account keptn-configuration-service does not need full permissions on secret management #3781

Closed
johannes-b opened this issue Apr 14, 2021 · 0 comments · Fixed by #3782
Labels
platform Anything platform specific (e.g., Kubernetes, OpenShift, Ingress) type:chore Provides value to the (dev) team

Comments

@johannes-b
Member

The service account keptn-configuration-service does not need all permissions (create, get, delete, update); it just needs GET permissions because no other usage is found in: https://github.com/keptn/keptn/blob/0.8.1/configuration-service/common/git.go#L45

Task

  • Create a role with just get permissions
  • Bind the role to the service account: keptn-configuration-service
@johannes-b johannes-b added type:chore Provides value to the (dev) team platform Anything platform specific (e.g., Kubernetes, OpenShift, Ingress) labels Apr 14, 2021
@johannes-b johannes-b self-assigned this Apr 14, 2021
@johannes-b johannes-b added this to To do in Sprint 217 [9/4 - 23/4] via automation Apr 14, 2021
@johannes-b johannes-b added this to the 0.8.2 milestone Apr 14, 2021
@johannes-b johannes-b moved this from To do to In progress in Sprint 217 [9/4 - 23/4] Apr 14, 2021
@johannes-b johannes-b moved this from In progress to Ready for review in Sprint 217 [9/4 - 23/4] Apr 15, 2021
@johannes-b johannes-b moved this from Ready for review to Done in Sprint 217 [9/4 - 23/4] Apr 16, 2021
christian-kreuzberger-dtx added a commit that referenced this issue Apr 22, 2021
Signed-off-by: Christian Kreuzberger <christian.kreuzberger@dynatrace.com>
christian-kreuzberger-dtx added a commit that referenced this issue Apr 22, 2021
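
The two task items from the issue, written out as a namespaced Role and RoleBinding. This is an added example, not the manifest from the Keptn repository or from the fix in #3782; `YOUR_NAMESPACE`, `SECRET_NAME` and the Role/RoleBinding names are placeholders, while the service account name and the verbs are taken from the issue text.

```yaml
# Added example, not Keptn's own manifest. YOUR_NAMESPACE and the
# Role/RoleBinding names are placeholders chosen for illustration.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: keptn-configuration-service-read-secrets   # hypothetical name
  namespace: YOUR_NAMESPACE
rules:
  - apiGroups: [""]            # core API group, where Secret lives
    resources: ["secrets"]
    verbs: ["get"]             # previously: create, get, delete, update
    # "get" without resourceNames still allows reading any secret in the
    # namespace whose name is known. Optional tightening, assuming the
    # secret names are fixed in advance:
    # resourceNames: ["SECRET_NAME"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: keptn-configuration-service-read-secrets   # hypothetical name
  namespace: YOUR_NAMESPACE
subjects:
  - kind: ServiceAccount
    name: keptn-configuration-service
    namespace: YOUR_NAMESPACE
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: keptn-configuration-service-read-secrets
# Check the effective permissions after applying. "get" should answer yes;
# "delete" should answer no once no other binding grants the old
# full-permission role to this service account:
#   kubectl auth can-i get secrets -n YOUR_NAMESPACE \
#     --as=system:serviceaccount:YOUR_NAMESPACE:keptn-configuration-service
#   kubectl auth can-i delete secrets -n YOUR_NAMESPACE \
#     --as=system:serviceaccount:YOUR_NAMESPACE:keptn-configuration-service
```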