k8sSearch: exclude secrets with scopes that are not requested

### Affected Stackable version

nightly

### Current and expected behavior

Currently, the k8sSearch backend treats requested scopes as a _minimum_ bound. A volume that requests `pod` will happily be supplied a secret secret that provides `pod,node`, allowing the pod to impersonate someone else.

### Possible solution

k8sSearch should reject secrets that specify unrequested scopes.

### Additional context

_No response_

### Environment

_No response_

### Would you like to work on fixing this bug?

None

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

k8sSearch: exclude secrets with scopes that are not requested #556

Affected Stackable version

Current and expected behavior

Possible solution

Additional context

Environment

Would you like to work on fixing this bug?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

k8sSearch: exclude secrets with scopes that are not requested #556

Description

Affected Stackable version

Current and expected behavior

Possible solution

Additional context

Environment

Would you like to work on fixing this bug?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions