
Commit e19b5d7

committed
issues with SA rules
1 parent 6f54524 commit e19b5d7


2 files changed

+13
-2
lines changed


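--- a/helm/wrongsecrets-ctf-party/templates/wrongsecrets-balancer/role.yaml
+++ b/helm/wrongsecrets-ctf-party/templates/wrongsecrets-balancer/role.yaml
@@ -13,7 +13,7 @@ rules:
 verbs: ['get', 'list', 'create', 'delete']
 - apiGroups: [''] # "" indicates the core API group
 resources: ['pod', 'pods', 'pods/log']
-verbs: ['create', 'get', 'list', 'delete', 'watch']
+verbs: ['create', 'get', 'list', 'delete', 'watch', 'patch', 'update']
 - apiGroups: [''] # "" indicates the core API group
 resources: ['namespaces']
 verbs: ['get', 'create', 'list', 'delete', 'patch', 'watch', 'update']
@@ -26,6 +26,9 @@ rules:
 - apiGroups: ['']
 resources: ['serviceaccounts']
 verbs: ['create', 'get', 'list', 'delete', 'patch', 'update']
+- apiGroups: ['']
+resources: ['pods/exec']
+verbs: ['create']
 - apiGroups: ['rbac.authorization.k8s.io']
 resources: ['roles']
 verbs: ['create', 'delete', 'deletecollection', 'get', 'list', 'patch', 'update', 'watch', 'admin', 'escalate']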
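Review bot: The new `pods/exec` rule (new lines 29-31) carries no `resourceNames`, so the balancer's service account may exec into every pod this Role covers, and the widened verbs on new line 16 add `patch`/`update` on all pods in the same unscoped way. The `roles` rule just below already lists `escalate`, which presumably lets the balancer create the per-team Role without holding these permissions itself, so the extra grant may not be required at all. If it is required, a comment on the rule stating the reason would help the next reviewer, e.g. `# balancer must hold pods/exec to grant it in per-team Roles`. Whether this manifest is a namespaced Role or a ClusterRole is not visible in the hunk and changes how wide the grant is.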

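--- a/wrongsecrets-balancer/src/kubernetes.js
+++ b/wrongsecrets-balancer/src/kubernetes.js
@@ -1812,14 +1812,22 @@ const createRoleForWebTop = async (team) => {
 resources: ['configmaps'],
 verbs: ['get', 'list'],
 },
-{
+{
 apiGroups: [''],
 resources: ['pods/exec'],
 verbs: ['create'],
 resourceNames: [
 `t-${team}-secret-challenge-53*`,
 ],
 },
+{
+apiGroups: [''],
+resources: ['pods'],
+verbs: ['patch', 'update'],
+resourceNames: [
+`t-${team}-secret-challenge-53*`,
+],
+},
 {
 apiGroups: [''],
 resources: ['pod', 'pods', 'pods/log'],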
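Review bot: The `resourceNames` entry in the added `pods` rule (new lines 1827-1829) ends in `*`, but Kubernetes RBAC compares `resourceNames` as exact strings with no glob support, so the rule matches only a pod literally named `t-<team>-secret-challenge-53*` and the `patch`/`update` grant most likely never applies; the existing `pods/exec` rule above it has the same pattern. The tempting fix of dropping `resourceNames` would open `patch`/`update` on every pod in the team namespace, so a fixed, predictable pod name is the safer direction, or else a comment stating that namespace-wide scope is deliberate. If the grant is meant to allow debug containers, that is presumably the `pods/ephemeralcontainers` subresource rather than `pods`, which would be a narrower permission. createRoleForWebTop starts and ends outside the hunk.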
