You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(KONFLUX-9093): Add tool for validating role RBAC
In KONFLUX-9093, there is a request to enable roles to be cerated in
namespaces via Argo. In order to allow this, we need to be able to
guarantee that the roles are not granting permissions that users would
normally not have (but which Argo would have). We can use k8s tooling to
ensure that permissions are not exceeding some reference roles.
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: arewm <arewm@users.noreply.github.com>
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
Copy file name to clipboardExpand all lines: Containerfile
+14-1Lines changed: 14 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,24 @@
1
1
FROM quay.io/konflux-ci/yq@sha256:15d0238843d954ee78c9c190705eb8b36f6e52c31434183c37d99a80841a635a as yq
2
2
FROM registry.redhat.io/openshift4/ose-cli-artifacts-rhel9:v4.17.0-202504091537.p0.g0000b3e.assembly.stream.el9 as oc
3
3
4
+
# Build stage for RBAC validator
5
+
FROM registry.access.redhat.com/ubi9/go-toolset:1.24.4-1754467841@sha256:3f552f246b4bd5bdfb4da0812085d381d00d3625769baecaed58c2667d344e5c as go-builder
6
+
7
+
# Copy tools directory and build the binary
8
+
COPY --chown=default tools/ /workspace/tools/
9
+
WORKDIR /workspace/tools
10
+
RUN go mod download && \
11
+
go build -o rbac-validator rbac-validator.go
12
+
13
+
# Main stage
4
14
FROM registry.access.redhat.com/ubi9/ubi:latest@sha256:8851294389a8641bd6efcd60f615c69e54fb0e2216ec8259448b35e3d9a11b06
0 commit comments