Skip to content

feat(KONFLUX-9093): Add tool for validating role RBAC#180

Open
arewm wants to merge 6 commits into
release-engineering:mainfrom
arewm:add-rbac-validator
Open

feat(KONFLUX-9093): Add tool for validating role RBAC#180
arewm wants to merge 6 commits into
release-engineering:mainfrom
arewm:add-rbac-validator

Conversation

@arewm

@arewm arewm commented Aug 12, 2025

Copy link
Copy Markdown
Contributor

In KONFLUX-9093, there is a request to enable roles to be cerated in namespaces via Argo. In order to allow this, we need to be able to guarantee that the roles are not granting permissions that users would normally not have (but which Argo would have). We can use k8s tooling to ensure that permissions are not exceeding some reference roles.

Co-Authored-By: Claude noreply@anthropic.com
Signed-off-by: arewm arewm@users.noreply.github.com

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

@arewm arewm force-pushed the add-rbac-validator branch 9 times, most recently from cb9f36c to 46698e3 Compare August 13, 2025 00:09
Comment thread rpms.in.yaml Outdated
Comment thread .tekton/konflux-release-data-ci-worker-push.yaml
arewm added 4 commits August 20, 2025 08:42
In KONFLUX-9093, there is a request to enable roles to be cerated in
namespaces via Argo. In order to allow this, we need to be able to
guarantee that the roles are not granting permissions that users would
normally not have (but which Argo would have). We can use k8s tooling to
ensure that permissions are not exceeding some reference roles.

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: arewm <arewm@users.noreply.github.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: arewm <arewm@users.noreply.github.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: arewm <arewm@users.noreply.github.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
Signed-off-by: arewm <arewm@users.noreply.github.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@arewm arewm force-pushed the add-rbac-validator branch from dc873b2 to eb99047 Compare August 20, 2025 12:55
Signed-off-by: arewm <arewm@users.noreply.github.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@arewm arewm force-pushed the add-rbac-validator branch from eb99047 to b0fdf63 Compare August 24, 2025 00:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants