  1. OpenShift BuildConfig
  2. OCPBUILD-148

Minimize wildcard/privilege Usage in Cluster and Local Roles


    • Story
    • Resolution: Won't Do
    • Undefined

      According to
      http://static.open-scap.org/ssg-guides/ssg-ocp4-guide-cis.html#xccdf_org.ssgproject.content_rule_rbac_wildcard_use
      the usage of wildcards in ClusterRoles and Roles should be prevented as best as possible.

      Further, one should refrain from using `cluster-admin` permissions to comply with CIS security requirements.

      It's therefore requested to review the below serviceAccount and its associated Roles, as they were found not to be compliant with the above, and restrict permissions further to the extent possible.

      • system:serviceaccount:openshift-controller-manager-operator:openshift-controller-manager-operator

              Unassigned
              rh-ee-sabiswas Sayan Biswas
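One way to run the review the issue asks for, as an added example that is not part of the original issue or of OpenShift: it lists the bindings that name a service account directly and flags `cluster-admin` and wildcard rules in the roles they reference. The input shape (the `items` list of `oc get clusterroles,clusterrolebindings,roles,rolebindings -A -o json`) is an assumption, and the `demo` namespace, `demo-operator` account and all sample objects are constructed.

```python
import json

# Constructed sample; assumed shape: items of `oc get clusterroles,...,rolebindings -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "config-reader", "namespace": "demo"},
  "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "demo-operator-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "namespace": "demo", "name": "demo-operator"}]},
 {"kind": "RoleBinding", "metadata": {"name": "demo-reader", "namespace": "demo"},
  "roleRef": {"kind": "Role", "name": "config-reader"},
  "subjects": [{"kind": "ServiceAccount", "namespace": "demo", "name": "demo-operator"}]}
]}
""")

FIELDS = ("apiGroups", "resources", "verbs", "nonResourceURLs")

def wildcard_fields(role):
    """Return "rule[i].field" for every rule field containing '*' (also '*/scale', '/healthz/*')."""
    return [f"rule[{i}].{f}" for i, rule in enumerate(role.get("rules") or [])
            for f in FIELDS if any("*" in v for v in rule.get(f) or [])]

def audit_service_account(items, namespace, name):
    """Map each binding that names the ServiceAccount directly to its findings ([] = clean)."""
    roles = {(o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"]): o
             for o in items if o["kind"] in ("Role", "ClusterRole")}
    report = {}
    for b in items:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        if not any(s.get("kind") == "ServiceAccount" and s.get("namespace") == namespace
                   and s.get("name") == name for s in b.get("subjects") or []):
            continue  # bindings via groups such as system:serviceaccounts are not followed here
        ref = b["roleRef"]
        # A Role is looked up in the binding's namespace; a ClusterRole has no namespace.
        ns = b["metadata"].get("namespace") if ref["kind"] == "Role" else None
        findings = wildcard_fields(roles.get((ref["kind"], ns, ref["name"]), {}))
        if (ref["kind"], ref["name"]) == ("ClusterRole", "cluster-admin"):
            findings.insert(0, "binds cluster-admin")
        report[f'{b["kind"]}/{b["metadata"]["name"]}'] = findings
    return report

if __name__ == "__main__":
    for binding, found in audit_service_account(SAMPLE["items"], "demo", "demo-operator").items():
        print(binding, "->", found or "ok")
```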