viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/rbac
History
Viktor Barzin 7114824c06 fix(rbac): tighten dashboard SA cluster-read to namespaces+nodes only 
namespace-owners could read all tenants' pods/configmaps/etc cluster-wide
(read-only) via the broad namespace_owner_readonly role. Give the dashboard
SAs a dedicated dashboard-nav-readonly ClusterRole = namespaces + nodes (list)
only — enough for the dashboard namespace-picker/Nodes view, but no
cross-tenant resource reads. Own-namespace access (admin) unchanged. Verified:
gheorghe can list namespaces/nodes + full vabbit81, but list pods/configmaps -A
= no, other namespaces = no.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 09:19:11 +00:00
..
modules/rbac fix(rbac): tighten dashboard SA cluster-read to namespaces+nodes only 2026-06-05 09:19:11 +00:00
main.tf extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
secrets extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
terragrunt.hcl extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00