Anubhav Jindal has uploaded this change for review. ( http://gerrit.cloudera.org:8080/24419
Change subject: IMPALA-15049: Harden Impala Kubernetes operator RBAC permissions ...................................................................... IMPALA-15049: Harden Impala Kubernetes operator RBAC permissions Replace the operator's cluster-admin binding with least-privilege ClusterRoles scoped to the CRD control plane and the namespaced resources required by Helm reconcile. Document the tightened RBAC model and optional-component permission notes for LDAP-related resource kinds in the Kubernetes deployment guide. Add a unit test that guards against reintroducing cluster-admin and verifies critical namespace/status permissions in the RBAC manifest. Testing: - python3 operator/impala-operator/tests/test_main.py - python3 operator/impala-operator/tests/test_rbac_manifest.py Change-Id: Ia3eafc1f4ddcda423227ad5fc361e0bbbd4dad19 Assisted-by: GPT-5.3 (Cursor) --- M helm/impala/README.md M operator/impala-operator/manifests/rbac.yaml A operator/impala-operator/tests/test_rbac_manifest.py 3 files changed, 112 insertions(+), 11 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/19/24419/1 -- To view, visit http://gerrit.cloudera.org:8080/24419 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ia3eafc1f4ddcda423227ad5fc361e0bbbd4dad19 Gerrit-Change-Number: 24419 Gerrit-PatchSet: 1 Gerrit-Owner: Anubhav Jindal <[email protected]>
