Skip to content

RBAC + create + resourceName #132213

New issue
New issue
Open
Open
RBAC + create + resourceName#132213
Labels
kind/bugCategorizes issue or PR as related to a bug.needs-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.sig/authCategorizes an issue or PR as relevant to SIG Auth.
@kfox1111

Description

@kfox1111
kfox1111
opened on Jun 10, 2025

What happened?

RBAC doesn't work with create and resourceName

What did you expect to happen?

It should only allow the specified resourceName

How can we reproduce it (as minimally and precisely as possible)?

Make an RBAC policy with create limited to a resourceName

Anything else we need to know?

The user provided object contains the metadata.name for the object, so it should be possible to filter by resourceName when creating.

Kubernetes version

$ kubectl version
# paste output here

Cloud provider

OS version

# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Install tools

Container runtime (CRI) and version (if applicable)

Related plugins (CNI, CSI, ...) and versions (if applicable)

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.needs-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.sig/authCategorizes an issue or PR as relevant to SIG Auth.

    Type

    No type

    Projects

    SIG Auth

    Status

    Needs Triage

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions