RbacDefinition CRD Validation #99
Labels
enhancement
Adding additional functionality or improvements
help wanted
Extra attention is needed
stretch
This is a stretch goal for a particular milestone
Comments
|
Thanks for the request! While deeper validation of rbacdefinitions would be super nice, I believe that this would require the addition of a validating webhook admission controller for rbac-manager. This is a non-trivial effort and is unlikely to be implemented in our roadmap in the near future. That being said, I believe we would be open to an external PR with this addition. @lucasreed , @mjhuber, or @robscott I would love to hear your thoughts on this as well. |
3 tasks
|
I have opened #103 to track this request. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey all! About a month ago I ran into a bunch of issues configuring new RBACDefinitions, and it turned out I had some misunderstandings about how RBACDefinitions work (they create their own service accounts), and I was misconfiguring the Definition in certain ways (putting namespaces in the wrong fields, as indicated in issue #86 ).
It would be very helpful if these issues could be surfaced when the RBACDefinition is submitted rather than at runtime. Specifically, if it could check for the existence of a service account and validate that the roles it's looking for exist, that would be very helpful.
The text was updated successfully, but these errors were encountered: