Assigned
Status Update
No update yet.
Comments
ai...@google.com
ba...@google.com
on...@google.com
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team and I can't provide you ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
Please provide as much information as possible. At least, this should include a description of your issue and steps to reproduce the problem. If possible please provide a summary of what steps or workarounds you have already tried, and any docs or articles you found (un)helpful.
Problem you have encountered:
The permission container.pods.exec is currently not supported by IAM deny policies according to the documentation[1].
What you expected to happen:
Extend the deny permissions supported for GKE, specifically container.pods.exec.
[1]