Review security-model.md #153

Merged
eblume merged 2 commits from review/security-model-doc into main 2026-02-11 12:16:33 -08:00
Owner

Summary

  • Fix Ansible secret example: replaced incorrect `op item get --fields` with `op read` to match project convention
  • Add new "Tailscale Operator Privileges" section documenting the operator's namespaced RBAC and OAuth client permissions
  • Stamp `last-reviewed: 2026-02-11`

Review Notes

First review of this doc (previously never reviewed). Verified:

  • All wiki-links resolve
  • ACL structure matches actual `pulumi/tailscale/policy.hujson`
  • TruffleHog pre-commit config exists as documented
  • Ansible `op read` pattern matches actual usage in playbooks/roles
- Fix Ansible secret example: `op item get --fields` → `op read`
- Add Tailscale Operator Privileges section documenting RBAC scope
  and OAuth client permissions
- Stamp last-reviewed: 2026-02-11

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
eblume merged commit a59ff04249 into main 2026-02-11 12:16:33 -08:00
eblume referenced this pull request from a commit 2026-02-11 12:16:33 -08:00
Reference
eblume/blumeops!153