Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Minor
Fix Version/s: None
Affects Version/s: 4.13.z, 4.12.z, 4.14.z, 4.15.z, 4.16.0, 4.17.0
Component/s: secondary-scheduler-operator
Labels:
- operator
- osso
- scheduler

Regression:
No
Story Points:
1
Sprint:
Workloads Sprint 254, Workloads Sprint 255
sprint_count:
2
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.17.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

The security recommendation is to replace every '*' with an explicit list of verbs instead. There are some places in https://github.com/openshift/secondary-scheduler-operator/blob/master/manifests/cluster-secondary-scheduler-operator.clusterserviceversion.yaml#L98 which uses '*'.

Version-Release number of selected component (if applicable):

All

How reproducible:

Always

Steps to Reproduce:

Actual results:

OSSO rbac contains '*' as a verb

Expected results:

OSSO rbac does not contain '*' as a verb

Additional info:

links to

openshift/secondary-scheduler-operator#146: OCPBUGS-32976: Replace wildcards with an explicit list of verbs

Assignee:: Anya Kramar

Reporter:: Jan Chaloupka

QA Contact:: Rama Kasturi Narra

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/04/25 1:49 PM

Updated:: 2024/07/01 10:50 AM

Resolved:: 2024/07/01 10:50 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates