Mailbox-only service-account role #65

Closed
opened 2025-02-25 20:56:36 +00:00 by rasmus · 2 comments
Owner

image.png

I think svc accounts shouldn't have k-space:floor on them. It also complicates billing (if access then bill).

  1. Does removing them hurt deliverability? Probably no?
  2. Impersonate wouldn't work, k-space:friends is an option, in theory, or just k-space:mailservice new / separate role?
![image.png](/attachments/1f605a19-1e83-41d8-9a92-49cfaef78b8f) I think svc accounts shouldn't have `k-space:floor` on them. It also complicates billing (if access then bill). 1. Does removing them hurt deliverability? Probably no? 2. Impersonate wouldn't work, `k-space:friends` is an option, in theory, or just `k-space:mailservice` new / separate role?
eaas was assigned by rasmus 2025-02-25 20:56:36 +00:00
Owner

Wildduck components have k-space:floor whitelisted here and there but it shouldn't matter as none of those account are meant to access any ingress. And these are arbitrary groups so just change those to proposed k-space:mailservice but add that group here

value: k-space:friends,k-space:floor

Wildduck components have k-space:floor whitelisted here and there but it shouldn't matter as none of those account are meant to access any ingress. And these are arbitrary groups so just change those to proposed k-space:mailservice but add that group here https://git.k-space.ee/k-space/kube/src/commit/f82caf175148a87811b0a906461b4364729ae069/wildduck/wildduck-operator.yaml#L25
Author
Owner

Closed with ce2e6568b1 and 96ea54064c

Closed with https://git.k-space.ee/k-space/kube/commit/ce2e6568b1bc7f4a863a21a02fca3f9e4053d06b and https://git.k-space.ee/k-space/members/commit/96ea54064cc4ccd7b6616acf5c9bbed761af8db3
Sign in to join this conversation.
No description provided.