Fix disallow anonymous users policy (#133)
* Added empty-dir policy for RHACM
* Added fix to anonymous policy
1 parent 473fbe9, commit de9e695
Showing 6 changed files with 14 additions and 15 deletions.
...-policy-agent/authentication-user-management/disallow-anonymous-users/README.md (4 changes: 2 additions & 2 deletions)
...acm/authentication-user-management/gatekeeper-disallow-anonymous-auth/README.md (4 changes: 2 additions & 2 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
# Disallow Anonymous Authentication | ||
|
||
The policy disallows associating the `system:anonymous` User and `system:unauthenticated` Group with any ClusterRole in the cluster. | ||
The policy disallows associating the `system:anonymous` User and `system:unauthenticated` Group with any ClusterRole / Role in the cluster. | ||
|
||
Associating unauthenticated users with ClusterRoles in the cluster may open a doorway for potential attacks. The unauthenticated users are not provided via an authorized identity provider, thereby, not secure. | ||
Associating unauthenticated users with ClusterRoles / Roles in the cluster may open a doorway for potential attacks. The unauthenticated users are not provided via an authorized identity provider, thereby, not secure. | ||
|
||
The policy uses the next [Gatekeeper policy](../../../open-policy-agent/authentication-user-management/disallow-anonymous-users/) in order to function. |
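
Review bot: In both changed sentences, "ClusterRole / Role" names the role objects, but in Kubernetes a subject is tied to a role through a ClusterRoleBinding or RoleBinding, so the README should name the binding kinds the policy acts on if that is what the constraint matches, for example "The policy disallows ClusterRoleBindings and RoleBindings whose subjects include the `system:anonymous` User or the `system:unauthenticated` Group." The second changed sentence ends with "thereby, not secure", which would read more clearly as "and are therefore not secure". The unchanged last line's "uses the next Gatekeeper policy" would be clearer as "uses the following Gatekeeper policy".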