Cert Manager support for Red Hat OpenShift / CM-868

As a developer, I want to implement dynamic RBAC for SecretTargets settings


    • Story
    • Resolution: Unresolved
    • Undefined
    • cert-manager-1.19

      Description:

      When secretTargets.enabled is true, the controller must dynamically configure the ClusterRole rules to grant the appropriate secret write permissions. It must support both authorizedSecretsAll (all secrets) and authorizedSecrets (specific secret names).

      Details:

      • Default ClusterRole: read-write configmaps
      • When secretTargets.enabled=true:
        • Add --secret-targets-enabled=true to deployment args
        • If authorizedSecretsAll=true: add create/update/patch/delete for all secrets
        • If an authorizedSecrets list is set: add rules restricted to those names via resourceNames
      • Update TrustManagerStatus.SecretTargetsEnabled field

      Acceptance Criteria:

      • ClusterRole rules dynamically configured based on secretTargets spec
      • --secret-targets-enabled=true arg added to deployment when enabled
      • Changes to secretTargets config trigger deployment rollout
      • Necessary e2e and unit tests are added
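
The rule selection described under Details, written in Go as an added example (not the operator's code). `PolicyRule` is a local stand-in for `rbacv1.PolicyRule`; `SecretTargets`, `BuildRules`, `cleanNames`, the configmap verb list and the precedence of `authorizedSecretsAll` over the list are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// PolicyRule is a local stand-in for rbacv1.PolicyRule (no k8s dependency needed).
type PolicyRule struct{ APIGroups, Resources, Verbs, ResourceNames []string }

// SecretTargets is a hypothetical Go shape for the three settings in the issue.
type SecretTargets struct {
	Enabled, AuthorizedSecretsAll bool
	AuthorizedSecrets             []string
}

// cleanNames drops empty and duplicate names and sorts, so reconciles are stable.
func cleanNames(in []string) []string {
	seen, out := map[string]bool{}, []string{}
	for _, n := range in {
		if n != "" && !seen[n] {
			seen[n], out = true, append(out, n)
		}
	}
	sort.Strings(out)
	return out
}

// BuildRules returns the ClusterRole rules and extra deployment args for a spec.
func BuildRules(st SecretTargets) ([]PolicyRule, []string) {
	// Default rule; the exact verbs behind "read-write" are an assumption.
	rules := []PolicyRule{{[]string{""}, []string{"configmaps"},
		[]string{"get", "list", "watch", "create", "update", "patch", "delete"}, nil}}
	if !st.Enabled {
		return rules, nil
	}
	write := PolicyRule{[]string{""}, []string{"secrets"},
		[]string{"create", "update", "patch", "delete"}, nil}
	if st.AuthorizedSecretsAll { // assumed to take precedence over the list
		rules = append(rules, write)
	} else if names := cleanNames(st.AuthorizedSecrets); len(names) > 0 {
		// Emit only with names: empty resourceNames means every secret in RBAC.
		write.ResourceNames = names
		rules = append(rules, write)
	}
	return rules, []string{"--secret-targets-enabled=true"}
}

func main() {
	rules, args := BuildRules(SecretTargets{Enabled: true, AuthorizedSecrets: []string{"ca-bundle", "", "ca-bundle"}})
	fmt.Println(rules, args)
}
```

Kubernetes RBAC cannot restrict `create` requests by `resourceNames`, so the e2e tests should cover creating a listed secret that does not exist yet.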

              Unassigned
              rh-ee-ckyal Chirag Kyal