
WIP - Security Fix: Reduce permissions in tekton-scheduler-role #3360

Open
pramodbindal wants to merge 1 commit into tektoncd:main from tektoncd-pb:tkn-scheduler-role

@pramodbindal
Member

Changes

Reduced the permissions of tekton-scheduler-role
Also updated the subject to tekton-operator only. Earlier this role was assigned to every authenticated user. Now only tekton-operator can have this role.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide for more details.

Release Notes

NONE
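
As an added example (not code from this PR or from the Tekton project), here is a check that could run over parsed manifests to flag any binding of tekton-scheduler-role to a group that covers every authenticated user. The sample bindings, their names, the `Role` kind, and the `tekton-operator` ServiceAccount kind and namespace are constructed assumptions; `system:authenticated` is the built-in Kubernetes group for all authenticated users.

```python
# Added example: constructed manifests, not the project's files.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}
BINDING_KINDS = {"RoleBinding", "ClusterRoleBinding"}


def broad_subjects(manifest):
    """Return subject names of a binding that cover whole classes of users."""
    if manifest.get("kind") not in BINDING_KINDS:
        return []
    return [
        s["name"]
        for s in manifest.get("subjects") or []
        if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS
    ]


def audit(manifests, role_name):
    """List (binding name, broad group) pairs for bindings that reference role_name."""
    findings = []
    for m in manifests:
        if m.get("roleRef", {}).get("name") != role_name:
            continue
        for group in broad_subjects(m):
            findings.append((m["metadata"]["name"], group))
    return findings


def binding(name, subject):
    # Hypothetical helper: minimal RoleBinding for the role named on the page.
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "RoleBinding",
        "metadata": {"name": name},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role",
                    "name": "tekton-scheduler-role"},
        "subjects": [subject],
    }


# Constructed "before": the role is bound to every authenticated user.
BEFORE = binding("scheduler-binding-before",
                 {"kind": "Group", "name": "system:authenticated",
                  "apiGroup": "rbac.authorization.k8s.io"})
# Constructed "after": bound to one service account (kind and namespace assumed).
AFTER = binding("scheduler-binding-after",
                {"kind": "ServiceAccount", "name": "tekton-operator",
                 "namespace": "tekton-operator"})

if __name__ == "__main__":
    for name, group in audit([BEFORE, AFTER], "tekton-scheduler-role"):
        print(f"{name}: bound to {group}")
```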

@tekton-robot tekton-robot added the release-note-none Denotes a PR that doesnt merit a release note. label Apr 21, 2026
@tekton-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from pramodbindal after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot requested review from khrm and pratap0007 April 21, 2026 04:55
@tekton-robot tekton-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Apr 21, 2026
@anithapriyanatarajan
Contributor

@pramodbindal - is this PR still valid? the role binding change config/base/tekton_scheduler_role_binding.yaml is already done

@pramodbindal pramodbindal changed the title Security Fix: Reduce permissions in tekton-scheduler-role WIP - Security Fix: Reduce permissions in tekton-scheduler-role Apr 22, 2026
@tekton-robot tekton-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 22, 2026
@pramodbindal
Member Author

> @pramodbindal - is this PR still valid? the role binding change config/base/tekton_scheduler_role_binding.yaml is already done

Yes, we need to refine the permissions as well.
Marked as WIP for now.
