Merge pull request #1418 from tkashem/rout-4-10

[release-4.10] OCPBUGS-5345: routes/status resources can leak sensitive data
openshift · Jan 4, 2023 · 2a49f94 · 2a49f94
2 parents d012101 + 698ca35
commit 2a49f94
Show file tree

Hide file tree

Showing 8 changed files with 11 additions and 11 deletions.
diff --git a/pkg/operator/apiserver/audit/bindata/bindata.go b/pkg/operator/apiserver/audit/bindata/bindata.go
diff --git a/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml b/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml
@@ -2,7 +2,7 @@
 - level: Metadata
   resources:
   - group: "route.openshift.io"
-    resources: ["routes"]
+    resources: ["routes", "routes/status"]
   - resources: ["secrets"]
 - level: Metadata
   resources:

diff --git a/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml b/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml
@@ -2,7 +2,7 @@
 - level: Metadata
   resources:
   - group: "route.openshift.io"
-    resources: ["routes"]
+    resources: ["routes", "routes/status"]
   - resources: ["secrets"]
 - level: Metadata
   resources:

diff --git a/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml b/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml
@@ -32,7 +32,7 @@ rules:
 - level: Metadata
   resources:
   - group: "route.openshift.io"
-    resources: ["routes"]
+    resources: ["routes", "routes/status"]
   - resources: ["secrets"]
 - level: Metadata
   resources:

diff --git a/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml b/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml
@@ -72,7 +72,7 @@ data:
     - level: Metadata
       resources:
       - group: "route.openshift.io"
-        resources: ["routes"]
+        resources: ["routes", "routes/status"]
       - resources: ["secrets"]
     - level: Metadata
       resources:
@@ -121,7 +121,7 @@ data:
     - level: Metadata
       resources:
       - group: "route.openshift.io"
-        resources: ["routes"]
+        resources: ["routes", "routes/status"]
       - resources: ["secrets"]
     - level: Metadata
       resources:

diff --git a/pkg/operator/apiserver/audit/testdata/multipleCr.yaml b/pkg/operator/apiserver/audit/testdata/multipleCr.yaml
@@ -32,7 +32,7 @@ rules:
 - level: Metadata
   resources:
   - group: "route.openshift.io"
-    resources: ["routes"]
+    resources: ["routes", "routes/status"]
   - resources: ["secrets"]
   userGroups:
   - system:authenticated:oauth
@@ -64,7 +64,7 @@ rules:
 - level: Metadata
   resources:
     - group: "route.openshift.io"
-      resources: ["routes"]
+      resources: ["routes", "routes/status"]
     - resources: ["secrets"]
   userGroups:
     - system:authenticated

diff --git a/pkg/operator/apiserver/audit/testdata/oauth.yaml b/pkg/operator/apiserver/audit/testdata/oauth.yaml
@@ -32,7 +32,7 @@ rules:
 - level: Metadata
   resources:
   - group: "route.openshift.io"
-    resources: ["routes"]
+    resources: ["routes", "routes/status"]
   - resources: ["secrets"]
   userGroups:
   - system:authenticated:oauth

diff --git a/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml b/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml
@@ -32,7 +32,7 @@ rules:
 - level: Metadata
   resources:
   - group: "route.openshift.io"
-    resources: ["routes"]
+    resources: ["routes", "routes/status"]
   - resources: ["secrets"]
 - level: Metadata
   resources: