hcp-terraform-operator

Description

Official Helm chart for HCP Terraform Operator for Kubernetes.

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`hcp-terraform-operator`	default	❌	—	21	2	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `hcp-terraform-operator`

Namespace: default | Automount: ❌

🔑 Permissions (21)

Role	Resource	Verbs	Risk	Tags
ClusterRole `hcp-terraform-operator-manager-role`	apps/deployments	create · delete · get · list · patch · update · watch	Critical	Persistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
Role `hcp-terraform-operator-leader-election-role`	coordination.k8s.io/leases	create · delete · get · list · patch · update · watch	Critical	ControlPlaneDisruption CriticalNamespace DenialOfService Tampering
Role `hcp-terraform-operator-leader-election-role`	core/configmaps	create · delete · get · list · patch · update · watch	High	ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole `hcp-terraform-operator-proxy-role`	authorization.k8s.io/subjectaccessreviews	create	Medium	InformationDisclosure RBACQuery
ClusterRole `hcp-terraform-operator-proxy-role`	authentication.k8s.io/tokenreviews	create	Medium	CredentialAccess InformationDisclosure RBACQuery
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/agentpools	create · delete · get · list · patch · update · watch	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/agentpools/finalizers	update	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/agentpools/status	get · patch · update	Low
ClusterRole `hcp-terraform-operator-manager-role`	core/configmaps	create · list · update · watch	Low
ClusterRole `hcp-terraform-operator-manager-role`	core/events	create · patch	Low
Role `hcp-terraform-operator-leader-election-role`	core/events	create · patch	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/modules	create · delete · get · list · patch · update · watch	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/modules/finalizers	update	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/modules/status	get · patch · update	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/projects	create · delete · get · list · patch · update · watch	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/projects/finalizers	update	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/projects/status	get · patch · update	Low
ClusterRole `hcp-terraform-operator-manager-role`	core/secrets	create · list · update · watch	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/workspaces	create · delete · get · list · patch · update · watch	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/workspaces/finalizers	update	Low
ClusterRole `hcp-terraform-operator-manager-role`	app.terraform.io/workspaces/status	get · patch · update	Low

⚠️ Potential Abuse (8)

The following security risks were found based on the above permissions:

📦 Workloads (2)

Kind	Name	Container	Image
Deployment	hcp-terraform-operator	kube-rbac-proxy	quay.io/brancz/kube-rbac-proxy:v0.19.1
Deployment	hcp-terraform-operator	manager	hashicorp/hcp-terraform-operator:2.9.2

hcp-terraform-operator

Description

Overview

Identities

🤖 hcp-terraform-operator

🔑 Permissions (21)

⚠️ Potential Abuse (8)

📦 Workloads (2)

🤖 `hcp-terraform-operator`