
Fix RBAC table inconsistencies in security docs#876

Closed
ppiegaze wants to merge 1 commit into main from peeter/security-rbac-fixes

@ppiegaze
Collaborator

Summary

  • Remove invalid `post` K8s RBAC verb from operator-system role
  • Remove contradictory `(RO)` marker from pods resource in union-executor and flytepropeller-role (both have write verbs)
  • Use full `arn:aws:iam::<account-id>:role/...` ARN patterns consistently in IAM roles table

Based on Copilot review suggestions from PR #871. Needs @EngHabu review to confirm accuracy.

Test plan

  • @EngHabu confirms RBAC verb and resource changes are accurate
  • @EngHabu confirms IAM ARN patterns are correct

🤖 Generated with Claude Code

- Remove invalid `post` K8s RBAC verb from operator-system
- Remove `(RO)` marker from pods in union-executor and flytepropeller-role
  (both have write verbs for pods)
- Use full ARN patterns consistently in IAM roles table

Needs review from @EngHabu to confirm accuracy.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@ppiegaze ppiegaze requested a review from EngHabu as a code owner March 27, 2026 10:05
Copilot AI review requested due to automatic review settings March 27, 2026 10:05
@cloudflare-workers-and-pages

Deploying docs with Cloudflare Pages

Latest commit: 4bd2db8
Status: ✅  Deploy successful!
Preview URL: https://3fe6e2a1.docs-dog.pages.dev
Branch Preview URL: https://peeter-security-rbac-fixes.docs-dog.pages.dev

Contributor

Copilot AI left a comment

Pull request overview

This PR updates the security documentation to correct and standardize RBAC and IAM table entries, addressing inconsistencies introduced/identified during the security section restructure (PR #871).

Changes:

  • Removes the invalid Kubernetes RBAC verb `post` from the operator-system ClusterRole verbs list.
  • Removes contradictory `(RO)` markers from pods resources where the roles clearly have write verbs.
  • Standardizes AWS IAM Role ARN patterns in the IAM roles table to consistently use full `arn:aws:iam::<account-id>:role/...` format.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| content/security/kubernetes-rbac-data-plane.md | Fixes RBAC table accuracy by removing invalid verb and inconsistent read-only markers. |
| content/security/aws-iam-roles.md | Normalizes IAM role ARN pattern formatting across control/data plane rows for consistency. |
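
The three classes of inconsistency this PR corrects can be caught mechanically before review. The following is an added example, not code from this PR or repository: the function names, the sample rows and the special-verb list are assumptions, and only the role names and the ARN format come from the thread.

```python
import re

# Request verbs the Kubernetes API server authorizes; "post" is an HTTP method, not one of them.
RESOURCE_VERBS = {"get", "list", "watch", "create", "update", "patch",
                  "delete", "deletecollection"}
# Special-purpose verbs and the wildcard (assumption: this list is not exhaustive).
SPECIAL_VERBS = {"impersonate", "bind", "escalate", "use", "approve", "sign", "*"}
READ_ONLY = {"get", "list", "watch"}
# Full role ARN, with either the docs' <account-id> placeholder or a 12-digit account.
FULL_ROLE_ARN = re.compile(r"^arn:aws:iam::(<account-id>|\d{12}):role/\S+$")


def lint_rbac_row(role, resource, verbs):
    """Return findings for one (role, resource, verbs) row of an RBAC table."""
    findings = []
    for verb in verbs:
        if verb not in RESOURCE_VERBS | SPECIAL_VERBS:
            findings.append(f"{role}: '{verb}' is not a Kubernetes RBAC verb")
    writes = sorted(v for v in verbs if v in RESOURCE_VERBS - READ_ONLY or v == "*")
    if resource.endswith("(RO)") and writes:
        findings.append(f"{role}: {resource} is marked read-only but grants {', '.join(writes)}")
    return findings


def lint_role_arn(pattern):
    """Return a finding if an IAM role pattern is not written as a full ARN."""
    if FULL_ROLE_ARN.match(pattern):
        return []
    return [f"'{pattern}' is not a full arn:aws:iam::<account-id>:role/... pattern"]


# Constructed rows: role names are from the PR, resources, verbs and ARNs are illustrative.
SAMPLE_ROWS = [
    ("operator-system", "deployments", ["get", "list", "create", "post"]),
    ("union-executor", "pods (RO)", ["get", "list", "create", "delete"]),
    ("flytepropeller-role", "pods", ["get", "list", "watch", "create"]),
]
SAMPLE_ARNS = ["arn:aws:iam::<account-id>:role/example-role", "role/example-role"]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        for finding in lint_rbac_row(*row):
            print(finding)
    for arn in SAMPLE_ARNS:
        for finding in lint_role_arn(arn):
            print(finding)
```

A documented role that lists a non-existent verb or a wrong read-only marker misleads anyone auditing least privilege from the docs, so a check like this fits in the docs build.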

@ppiegaze
Collaborator Author

Closing. #907 supersedes this

@ppiegaze ppiegaze closed this Apr 23, 2026