Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't provide access to Secrets in default RBAC #188

Merged
merged 1 commit into from
Dec 18, 2018
Merged

Don't provide access to Secrets in default RBAC #188

merged 1 commit into from
Dec 18, 2018

Conversation

jarrpa
Copy link
Contributor

@jarrpa jarrpa commented Dec 10, 2018

Related: #164

Signed-off-by: Jose A. Rivera jarrpa@redhat.com

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Dec 10, 2018
@jarrpa
Copy link
Contributor Author

jarrpa commented Dec 10, 2018

@msau42 PTAL

msau42
msau42 reviewed Dec 10, 2018
View reviewed changes
deploy/kubernetes/rbac.yaml Outdated
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
# Some provisioners may need to uncomment the following rule.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe something like "The following rule should be uncommented for plugins that require secrets for provisioning"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment updated.

@jarrpa
Don't provide access to Secrets in default RBAC
5f98e79 
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
@jarrpa jarrpa force-pushed the comment-secret-rbac branch from 5b104cf to 5f98e79 Compare December 10, 2018 21:43
@msau42
Copy link
Collaborator

msau42 commented Dec 10, 2018

/lgtm
/assign @jsafrane

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 10, 2018
@msau42
Copy link
Collaborator

msau42 commented Dec 18, 2018

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jarrpa, msau42

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 18, 2018
@k8s-ci-robot k8s-ci-robot merged commit cf6fa21 into kubernetes-csi:master Dec 18, 2018
@msau42 msau42 mentioned this pull request Jun 20, 2019
Closed
kbsonlong pushed a commit to kbsonlong/external-provisioner that referenced this pull request Dec 29, 2023
@k8s-ci-robot
Merge pull request kubernetes-csi#188 from pohly/go-mod
c35fef2 
replace "dep" with "go mod"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msau42 msau42 msau42 left review comments

@davidz627 davidz627 Awaiting requested review from davidz627

@sbezverk sbezverk Awaiting requested review from sbezverk

Assignees

@jsafrane jsafrane

@msau42 msau42

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jarrpa @msau42 @k8s-ci-robot @jsafrane