apiGroup is not being taken into account
kplimack opened this issue · comments
Jake Plimack commented
As you can see here, `collins-operator` is purported to have "GET ALL IN ALL NAMESPACES", but if you look at the policy in question (below), you'll see that it actually has limited scope.
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- metal3.io
resources:
- '*'
verbs:
- get
- create
- list
Marcin Ciszak commented
Hi @kplimack. Thanks for logging the issue above. We'll look into that.