Affected by GO-2022-0502 and 2 other vulnerabilities

GO-2022-0502: Weave GitOps leaked cluster credentials into logs on connection errors in github.com/weaveworks/weave-gitops

GO-2023-1377: GitOps Run allows for Kubernetes workload injection in github.com/weaveworks/weave-gitops

GO-2023-1388: Gitops Run insecure communication in github.com/weaveworks/weave-gitops

nsaccess

package

v0.8.1-rc.3 Latest Latest Go to latest Published: May 12, 2022 License: MPL-2.0 Imports: 9 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/weaveworks/weave-gitops

Documentation ¶

Index ¶

Variables
type Checker
- func NewChecker(rules []rbacv1.PolicyRule) Checker

Constants ¶

This section is empty.

Variables ¶

View Source

var DefautltWegoAppRules = []rbacv1.PolicyRule{
	{
		APIGroups: []string{""},
		Resources: []string{"secrets", "pods", "events"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{"apps"},
		Resources: []string{"deployments", "replicasets"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{"kustomize.toolkit.fluxcd.io"},
		Resources: []string{"kustomizations"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{"helm.toolkit.fluxcd.io"},
		Resources: []string{"helmreleases"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{"source.toolkit.fluxcd.io"},
		Resources: []string{"buckets", "helmcharts", "gitrepositories", "helmrepositories"},
		Verbs:     []string{"get", "list"},
	},
	{
		APIGroups: []string{""},
		Resources: []string{"events"},
		Verbs:     []string{"get", "list", "watch"},
	},
}

DefautltWegoAppRules is the minimun set of permissions a user will need to use the wego-app in a given namespace

Functions ¶

This section is empty.

Types ¶

type Checker ¶

type Checker interface {
	// FilterAccessibleNamespaces returns a filtered list of namespaces to which a user has access to
	FilterAccessibleNamespaces(ctx context.Context, cfg *rest.Config, namespaces []corev1.Namespace) ([]corev1.Namespace, error)
}

Checker contains methods for validing user access to Kubernetes namespaces, based on a set of PolicyRules

func NewChecker ¶

func NewChecker(rules []rbacv1.PolicyRule) Checker

Source Files ¶

View all Source files

nsaccess.go

Directories ¶

Path	Synopsis
nsaccessfakes Code generated by counterfeiter.	Code generated by counterfeiter.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL