Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.14, 4.15, 4.16, 4.17, 4.18
Component/s: Cloud Compute / Machine API Providers
Labels:
- pre-merge-tested

Regression:
None
Release Blocker:
Proposed
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.18.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

https://github.com/openshift/machine-api-provider-azure/tree/main/pkg/cloud/azure/services/virtualnetworks

This package is not used within MAPI, but its presence indicates that the operator needs permissions over VNets, specifically to delete VNets. This is a sensitive permission that if exercised could lead to an unrecoverable cluster, or deletion of other critical infrastructure within the same Azure subscription or resource group that's not related to the cluster itself. This package should be removed as well as the relevant permissions from the CredentialsRequest.

links to

openshift/machine-api-operator#1307: OCPBUGS-44056: Remove unneeded VNet permissions from Azure CredentialsRequest

openshift/machine-api-provider-azure#122: OCPBUGS-44056: Remove unused vnet package

Assignee:: Theo Barber-Bany

Reporter:: Taylor Fahlman

QA Contact:: Zhaohua Sun

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/10/31 3:56 PM

Updated:: 2024/11/05 7:08 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates