Validate security boundaries for resource status operations
Opened this issue · 0 comments
akashsinghal commented
What would you like to be added?
Some resource status like KMP and certificate store may contain what might be considered sensitive information such as keys/certificate metadata. Ratify should first determine what RBAC is needed for status and whether default RBAC needs to be elevated to view status for certain resources. Ratify should also validate in namespace multitenancy scenarios.
Anything else you would like to add?
No response
Are you willing to submit PRs to contribute to this feature?
- Yes, I am willing to implement it.