Restrict master access to state store bucket

This change narrows the master's permission on the state store bucket's contents to the top-level folder named after the cluster.

Fixes #365
Pete Wildsmith 2016-08-24 17:03:10 +01:00 committed by GitHub
parent 2f4ac90661
commit 369a6ea1db
1 changed files with 2 additions and 1 deletions


@ -24,7 +24,8 @@
"Resource": [
{{ range $i, $b := .MasterPermissions.S3Buckets }}
{{if $i}},{{end}}
"{{ IAMPrefix }}:s3:::{{ $b }}/*"
"{{ IAMPrefix }}:s3:::{{ $b }}/{{ ClusterName }}",
"{{ IAMPrefix }}:s3:::{{ $b }}/{{ ClusterName }}/*"
{{ end }}
]
},
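Review bot: The narrowed `Resource` entries constrain only object-level actions; listing is authorised against the bucket ARN, so if the policy's `s3:ListBucket` statement (outside this hunk) carries no condition, the master can still enumerate other clusters' keys in a shared state bucket. Consider adding `"Condition": {"StringLike": {"s3:prefix": ["{{ ClusterName }}", "{{ ClusterName }}/*"]}}` to that statement. The `Action` list for this statement also sits above the hunk, so it is worth confirming there that every granted action is meant to reach the whole cluster folder. Separately, `$b` appears to be a bare bucket name, so a state store configured under a key prefix would presumably no longer match `{{ $b }}/{{ ClusterName }}/*`; verify against how `S3Buckets` is populated.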