Legacy ABAC permissions are enabled.
Default Severity: high
Explanation
You should disable Attribute-Based Access Control (ABAC), and instead use Role-Based Access Control (RBAC) in GKE.
RBAC has significant security advantages and is now stable in Kubernetes, so it’s time to disable ABAC.
Possible Impact
ABAC permissions are less secure than RBAC permissions.
Suggested Resolution
Switch to using RBAC permissions.
Insecure Example
The following example will fail the google-gke-use-rbac-permissions check.
resource "google_container_cluster" "bad_example" {
  enable_legacy_abac = "true"
}
Secure Example
The following example will pass the google-gke-use-rbac-permissions check.
resource "google_container_cluster" "good_example" {
  # ...
  # enable_legacy_abac not set
  # ...
}
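The same condition can be checked against a rendered plan, which also catches clusters declared inside modules. The script below is an added example, not part of the check's own implementation: it walks the planned_values tree of `terraform show -json` output and reports every google_container_cluster whose enable_legacy_abac resolves to true. The sample plan, the module name team_a and the function names are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_container_cluster.bad_example",
     "type": "google_container_cluster",
     "values": {"enable_legacy_abac": true}},
    {"address": "google_container_cluster.good_example",
     "type": "google_container_cluster",
     "values": {"enable_legacy_abac": false}},
    {"address": "google_compute_network.vpc",
     "type": "google_compute_network", "values": {"name": "vpc"}}
  ],
  "child_modules": [{
    "address": "module.team_a",
    "resources": [
      {"address": "module.team_a.google_container_cluster.nested",
       "type": "google_container_cluster",
       "values": {"enable_legacy_abac": true}}
    ]}]
}}}
""")


def _walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def clusters_with_legacy_abac(plan):
    """Return addresses of GKE clusters whose planned enable_legacy_abac is true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    flagged = []
    for res in _walk(root):
        if res.get("type") != "google_container_cluster":
            continue
        value = (res.get("values") or {}).get("enable_legacy_abac")
        # Matches boolean true and the quoted "true" form; unset or false passes.
        if str(value).lower() == "true":
            flagged.append(res["address"])
    return sorted(flagged)


if __name__ == "__main__":
    for address in clusters_with_legacy_abac(SAMPLE_PLAN):
        print(f"FAIL {address}: enable_legacy_abac is true")
```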