Skip to content

feat(KONFLUX-9093): Add tool for validating role RBAC #180

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
arewm wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat(KONFLUX-9093): Add tool for validating role RBAC #180

arewm wants to merge 6 commits into from

Conversation

@arewm
Copy link
Contributor

@arewm arewm commented Aug 12, 2025

In KONFLUX-9093, there is a request to enable roles to be cerated in namespaces via Argo. In order to allow this, we need to be able to guarantee that the roles are not granting permissions that users would normally not have (but which Argo would have). We can use k8s tooling to ensure that permissions are not exceeding some reference roles.

Co-Authored-By: Claude [email protected]
Signed-off-by: arewm [email protected]

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

@arewm arewm force-pushed the add-rbac-validator branch 9 times, most recently from cb9f36c to 46698e3 Compare August 13, 2025 00:09
rhartman93
rhartman93 reviewed Aug 19, 2025
View reviewed changes
rhartman93
rhartman93 reviewed Aug 19, 2025
View reviewed changes
arewm added 4 commits August 20, 2025 08:42
@arewm
feat(KONFLUX-9093): Add tool for validating role RBAC
0e46ce8 
In KONFLUX-9093, there is a request to enable roles to be cerated in
namespaces via Argo. In order to allow this, we need to be able to
guarantee that the roles are not granting permissions that users would
normally not have (but which Argo would have). We can use k8s tooling to
ensure that permissions are not exceeding some reference roles.

Co-Authored-By: Claude <[email protected]>
Signed-off-by: arewm <[email protected]>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@arewm
unify to a single build pipeline definition
a8a331a 
Signed-off-by: arewm <[email protected]>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@arewm
improve pipeline visualization
d8130c3 
Signed-off-by: arewm <[email protected]>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@arewm
enable arm builds for pushes
4bddc21 
Signed-off-by: arewm <[email protected]>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@arewm arewm force-pushed the add-rbac-validator branch from dc873b2 to eb99047 Compare August 20, 2025 12:55
@arewm
update task bundle references
b0fdf63 
Signed-off-by: arewm <[email protected]>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
@arewm arewm force-pushed the add-rbac-validator branch from eb99047 to b0fdf63 Compare August 24, 2025 00:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhartman93 rhartman93 rhartman93 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@arewm @rhartman93