Uploaded image for project: 'AeroGear'
  1. AeroGear
  2. AEROGEAR-9996

Review & tighten operator permissions

    Details

      Description

      We only want to give the operators cluster permissions for the resources that they'll watch in the MDC namespace (the CRs other than the service installation CR).

      Additionally, in the MDC operator, the mobileclient-admin role should be added into the role.yaml rather than being in a separate file.

      Also, figure out what to do with the mobile-developer role and rolebinding – should the operator create those, or should those be created first? My thinking is that they should be created separately: the operator doesn't create the namespace, so why should it give system:authenticated extra permissions in there?

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                grdryn Gerard Ryan
                Reporter:
                grdryn Gerard Ryan
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: