spidernet-io / spiderpool

Underlay and RDMA network solution for Kubernetes, for bare metal, VM and any public cloud
https://spidernet-io.github.io/spiderpool/
Apache License 2.0
RBAC: avoiding too high permissions leading to potential CVE risks #3608

Closed cyclinder closed 2 weeks ago

cyclinder commented 2 weeks ago

What type of PR is this?

What this PR does / why we need it:

Avoiding too high permissions leading to potential CVE risks; see the issues below.

Which issue(s) this PR fixes:

Fixes https://github.com/spidernet-io/spiderpool/issues/3420

Fixes https://github.com/spidernet-io/spiderpool/issues/3361

Special notes for your reviewer:

cyclinder commented 2 weeks ago

Waiting for https://github.com/spidernet-io/spiderpool/pull/3603 to be merged first.

codecov[bot] commented 2 weeks ago

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.27%. Comparing base (cd1badc) to head (81a0c48).

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #3608   +/-   ##
=======================================
  Coverage   81.27%   81.27%
=======================================
  Files          50       50
  Lines        4352     4352
=======================================
  Hits         3537     3537
  Misses        662      662
  Partials      153      153
```

| Flag | Coverage Δ | |
|---|---|---|
| unittests | `81.27% <ø> (ø)` | |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags#carryforward-flags-in-the-pull-request-comment) to find out more.