Bug 2032484

Summary: Warn about visibility of NetworkAttachmentDefinition content
Product: OpenShift Container Platform Reporter: Petr Horáček <phoracek>
Component: DocumentationAssignee: Amrita <asakthiv>
Status: CLOSED CURRENTRELEASE QA Contact: zhaozhanqi <zzhao>
Severity: medium Docs Contact: Latha S <lmurthy>
Priority: medium    
Version: 4.9CC: aos-bugs, lmurthy
Target Milestone: ---   
Target Release: 4.9.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-01-19 05:45:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2021191    
Bug Blocks:    

Description Petr Horáček 2021-12-14 14:56:27 UTC
Document URL: 
https://docs.openshift.com/container-platform/4.9/networking/multiple_networks/configuring-additional-network.html

Section Number and Name: 
Configuration for an additional network attachment

Describe the issue: 
PR https://github.com/openshift/cluster-network-operator/pull/1226 and BZ https://bugzilla.redhat.com/show_bug.cgi?id=2021191 allow project-admin to list NetworkAttachmentDefinition of the project they own. While this is considered mostly harmless, it is opening up the visibility of the resource from only cluster-admins to project-admins. We should document this, so cluster-administrators creating NetworkAttachmentDefinition are aware that project-admins can read their content. 

Suggestions for improvement:
Add a warning mentioning that contents of NetworkAttachmentDefinition can be read by project-admins and thus no secret or sensitive information should be kept there.

Additional information: