Uploaded image for project: 'OpenShift Builds'
  1. OpenShift Builds
  2. BUILD-984

Shared Resources: Verify RBAC Checks in CI

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • builds-1.1
    • shared-resources

      User Story

      The Shared Resource CSI Driver previously had permission to read all Kubernetes secrets. In BUILD-965, this was changed so the user had to explicitly grant the CSI driver permission to read the given resource.

      We need to verify the following with CI on Konflux:

      1. Shared resources works according to the described procedure.
      2. Shared resource CSI driver mounts fail if the appropriate RBAC isn't granted (we have some existing test cases for this, I think)

      Definition of Done:

      • CI testing verifies driver can only access the secrets it has been granted.
      • Documentation updated with instructions on how to grant the driver permission to access the shared secret/configMap.

              rh-ee-asatyam Ayush Satyam
              adkaplan@redhat.com Adam Kaplan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: