Concerned with how broad the cluster permissions for gitlab-runner-operator are
Hello
The gitlab-runner-operator.v... ClusterRole, granted to the operator's manager cluster wide (using ClusterRoleBinding), is very broad. Particularly concerned with Secrets:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
This means the operator can read all Secrets in the cluster. Is that really necessary? If the gitlab-runner-operator or it's service account are compromised, an attacker could access everyone's Secrets. If the operator needs to manage Secrets, then perhaps write permission will suffice?
Saw this in v1.1.0 and v1.4.0.
Thanks
Marek
Edited by Marek Paterczyk