-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't show/list project to user if user doesn't have permissions in project #2578
Comments
Take Kargo out of this entirely for a moment. This is more of a general Kubernetes problem without a real solution. If a user can list resources of a given type, their results when doing so are not constrained by what their permissions happen to be on individual resources of that type. Since a pretty direct comparison could also be made between Projects and namespaces, it's also worth pointing out that if a user can list namespaces, their results when doing so are also not constrained by their permissions on resources within each namespace. I suppose there is some technical possibility of giving the Kargo API server's list Projects endpoint tricks that k8s itself doesn't have, but I would really hate having All this being said, I agree that the UX could be better and wonder if the ability to star/favorite projects might not be a more viable improvment. |
If we focus on the Kubernetes resource model, then absence of possibility to make list verb more granular also doesn't make me happy. I understand that overloading a project with features or workarounds to ensure paranoid security measures can negatively affect its functional part
In general it would be great improvement. In my edge case there is also a requirement to ensure least privilege on top, even if it's list privilege =/ Allright... I'll try to workaround it somehow, probably |
Indeed, I empathize. We are, however, trying pretty hard to keep all RBAC as pure k8s RBAC and not layer something on top of it for enforcement (the way Argo CD does with casbin, for instance). The inherent disadvantage of something like that is too many things are enforced when the API server is involved and aren't enforced at all when you use kubectl. 😦 I'll carve out a separate issue in the morning for starring/favoriting. That should be non-controversial and easy to get done. |
Closing in favor of #2689 |
Checklist
kargo version
, if applicable.Proposed Feature
I would like projects where user doesn't have permissions to be hidden from this user
Motivation
Suggested Implementation
Additional checks and filtering project list on backend
The text was updated successfully, but these errors were encountered: