Currently the demo scripts skip the creation of a namespace-scoped
RoleBinding whenever the scripts are being run using a Conjur OSS deployed
via Helm chart (i.e. when CONJUR_OSS_HELM_DEPLOYED env var is set to true).
The reason that this works is that the Conjur OSS Helm charts currently
include the creation of a ClusterRoleBinding applies across all namespaces.
A better approach is to use only namespace-scoped RoleBindings, thereby
exercising the principle of least privilege (permissions only apply to
namespaces that explicitly include a RoleBinding).
This change adds the creation of a RoleBinding for working with
Helm-deployed Conjur OSS.
Currently the demo scripts skip the creation of a namespace-scoped RoleBinding whenever the scripts are being run using a Conjur OSS deployed via Helm chart (i.e. when CONJUR_OSS_HELM_DEPLOYED env var is set to true). The reason that this works is that the Conjur OSS Helm charts currently include the creation of a ClusterRoleBinding applies across all namespaces.
A better approach is to use only namespace-scoped RoleBindings, thereby exercising the principle of least privilege (permissions only apply to namespaces that explicitly include a RoleBinding).
This change adds the creation of a RoleBinding for working with Helm-deployed Conjur OSS.
Addresses Issue #114