Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove the permissions related to secrets. #1814

Closed
Syulin7 opened this issue May 26, 2023 · 4 comments · Fixed by #1815
Closed

Remove the permissions related to secrets. #1814

Syulin7 opened this issue May 26, 2023 · 4 comments · Fixed by #1815
Assignees
@Syulin7

Comments

@Syulin7
Copy link
Contributor

Syulin7 commented May 26, 2023

Currently, the training-operator has permission to access secrets, which it likely does not need and could pose a security risk. I suggest removing the permissions related to secrets.

training-operator/manifests/base/cluster-role.yaml

Lines 71 to 81 in fc8a644

- apiGroups:
- ""
resources:
- configmaps
- secrets
- serviceaccounts
verbs:
- create
- list
- watch
- update

@Syulin7
Copy link
Contributor Author

Syulin7 commented May 26, 2023

@johnugeorge @tenzen-y WDYT, If the training-operator is using secrets, please let me know.

@Syulin7 Syulin7 changed the title Removing the permissions related to secrets. Remove the permissions related to secrets. May 26, 2023
@tenzen-y
Copy link
Member

tenzen-y commented May 26, 2023
edited
Loading

@Syulin7 Thank you for realizing this. I agree with you.
Also, we should auto-generate RBAC manifests by the controller-gen. Then, we can avoid such this situation :)

@johnugeorge
Copy link
Member

@Syulin7 Can you help fix it?

@Syulin7
Copy link
Contributor Author

Syulin7 commented May 27, 2023

/assign

@Syulin7 Syulin7 mentioned this issue May 31, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Syulin7 Syulin7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Auto-generate RBAC manifests by the controller-gen Syulin7/training-operator
3 participants
@johnugeorge @Syulin7 @tenzen-y