apiGroup is not being taken into account

Question

apiGroup is not being taken into account

kplimack opened this issue 4 years ago · comments

As you can see here, `collins-operator` is purported to have "GET ALL IN ALL NAMESPACES", but if you look at the policy in question (below), you'll see that it actually has limited scope.

rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - metal3.io
  resources:
  - '*'
  verbs:
  - get
  - create
  - list

Marcin Ciszak · Answer 1 · Wed Jul 15 2020 00:54:05 GMT+0800 (China Standard Time)

Hi @kplimack. Thanks for logging the issue above. We'll look into that.