2032484 – Warn about visibility of NetworkAttachmentDefinition content

Bug 2032484 - Warn about visibility of NetworkAttachmentDefinition content

Summary: Warn about visibility of NetworkAttachmentDefinition content

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	4.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.9.z
Assignee:	Amrita
QA Contact:	zhaozhanqi
Docs Contact:	Latha S
URL:
Whiteboard:
Depends On:	2021191
Blocks:
TreeView+	depends on / blocked

Reported:	2021-12-14 14:56 UTC by Petr Horáček
Modified:	2022-01-19 05:45 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-01-19 05:45:07 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Petr Horáček 2021-12-14 14:56:27 UTC

Document URL: 
https://docs.openshift.com/container-platform/4.9/networking/multiple_networks/configuring-additional-network.html

Section Number and Name: 
Configuration for an additional network attachment

Describe the issue: 
PR https://github.com/openshift/cluster-network-operator/pull/1226 and BZ https://bugzilla.redhat.com/show_bug.cgi?id=2021191 allow project-admin to list NetworkAttachmentDefinition of the project they own. While this is considered mostly harmless, it is opening up the visibility of the resource from only cluster-admins to project-admins. We should document this, so cluster-administrators creating NetworkAttachmentDefinition are aware that project-admins can read their content. 

Suggestions for improvement:
Add a warning mentioning that contents of NetworkAttachmentDefinition can be read by project-admins and thus no secret or sensitive information should be kept there.

Additional information:

Note You need to log in before you can comment on or make changes to this bug.