- Spike
- Resolution: Unresolved
- Normal
- ACM 2.13.0
- None
Value Statement
By looking into the RBAC manifests of MCH components to find wildcard permissions, we want to improve the security of our deployments. By pinpointing which components have excessive permissions, we can develop specific user stories for each component's squad, helping them manage permissions more effectively.
Definition of Done for Engineering Story Owner (Checklist)
- [ ] Create a complete list of MCH components, showing which ones have wildcard permissions in their RBAC manifests.
- [ ] For each component with a wildcard, document the specific permissions it has and what might happen if we reduce those permissions.
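One way to produce that list, as an added example that is not part of the original ticket or of any MCH component's code: it scans Role and ClusterRole objects for wildcard entries and keeps the full rule so the granted scope can be documented. It assumes the manifests are available as JSON (for instance from `kubectl get clusterroles,roles -A -o json`); the sample data and the names `find_wildcards`, `example-operator`, `example-agent` and `example-reader` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get clusterroles,roles -A -o json`;
# the role and namespace names are hypothetical, not taken from MCH.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ClusterRole", "metadata": {"name": "example-operator"},
   "rules": [
     {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
     {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
  {"kind": "Role", "metadata": {"name": "example-agent", "namespace": "example-ns"},
   "rules": [
     {"apiGroups": ["apps"], "resources": ["deployments/*"], "verbs": ["get", "*"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "example-reader"},
   "rules": [{"nonResourceURLs": ["/metrics"], "verbs": ["get"]}]},
  {"kind": "ConfigMap", "metadata": {"name": "not-rbac"}}
]}
""")

RULE_FIELDS = ("apiGroups", "resources", "verbs", "nonResourceURLs")

def find_wildcards(doc):
    """Return one finding per RBAC rule that contains a wildcard entry."""
    items = doc.get("items", [doc]) if doc.get("kind", "").endswith("List") else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") not in ("Role", "ClusterRole"):
            continue
        meta = obj.get("metadata", {})
        # `rules` can be null (e.g. aggregated ClusterRoles), hence the `or []`.
        for index, rule in enumerate(obj.get("rules") or []):
            # Wildcard: "*" itself or a value containing it ("deployments/*").
            hits = {f: [v for v in rule.get(f) or [] if "*" in v] for f in RULE_FIELDS}
            hits = {f: v for f, v in hits.items() if v}
            if hits:
                findings.append({
                    "kind": obj["kind"], "name": meta.get("name", ""),
                    "namespace": meta.get("namespace", ""),
                    "rule": index, "wildcards": hits,
                    "full_rule": rule,  # kept so the granted scope can be documented
                })
    return findings

if __name__ == "__main__":
    for f in find_wildcards(SAMPLE):
        scope = f["namespace"] or "cluster-wide"
        print(f'{f["kind"]}/{f["name"]} ({scope}) rule {f["rule"]}: {f["wildcards"]}')
```
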
Development Complete
- The code is complete.
- Functionality is working.
- Any required downstream Docker file changes are made.
Tests Automated
- [ ] Unit/function tests have been automated and incorporated into the build.
- [ ] 100% automated unit/function test coverage for new or changed APIs.
Secure Design
- [ ] Security has been assessed and incorporated into your threat model.
Multidisciplinary Teams Readiness
- [ ] Create an informative documentation issue using the [Customer Portal_doc_issue template](https://github.com/stolostron/backlog/issues/new?assignees=&labels=squad%3Adoc&template=doc_issue.md&title=), and ensure doc acceptance criteria are met. Link the development issue to the doc issue.
- [ ] Provide input to the QE team, and ensure QE acceptance criteria (established between story owner and QE focal) are met.
Support Readiness
- [ ] The must-gather script has been updated.
- clones: ACM-15086 [Spike] Investigate MCE components to identify RBAC manifests with wildcard permissions (To Do)