fix(operator): grant session SA secret-read and session-create permissions

Gkrumbach07 · claude · Gkrumbach07 · commit f3e3b6115c5f · 2026-03-19T22:47:58.000-05:00
Revert the backend-side workaround and instead grant the session
ServiceAccount the permissions it needs:
- `create` on agenticsessions — allows sessions to spawn other sessions
  via backend tools
- `get` on secrets — allows backend to validate ambient-runner-secrets
  using the caller's token (preserving user RBAC enforcement)

This keeps the backend's RBAC enforcement intact while giving session
ServiceAccounts the access they need for backend tool operations.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/components/backend/handlers/sessions.go b/components/backend/handlers/sessions.go
@@ -616,9 +616,7 @@ func CreateSession(c *gin.Context) {
 
 		// Always verify the runner secrets exist (even if registry is unavailable
 		// and requiredKeys is nil — prevents sessions without any API keys).
-		// Use the backend's own service account (K8sClient) rather than the
-		// caller's token — session ServiceAccounts lack secret-read permission.
-		sec, err := K8sClient.CoreV1().Secrets(project).Get(c.Request.Context(), runnerSecretsName, v1.GetOptions{})
+		sec, err := reqK8s.CoreV1().Secrets(project).Get(c.Request.Context(), runnerSecretsName, v1.GetOptions{})
 		if err != nil {
 			if errors.IsNotFound(err) {
 				log.Printf("Session creation blocked: %s secret missing in project %s", runnerSecretsName, project)
diff --git a/components/operator/internal/handlers/sessions.go b/components/operator/internal/handlers/sessions.go
@@ -2455,13 +2455,19 @@ func regenerateRunnerToken(sessionNamespace, sessionName string, session *unstru
 			{
 				APIGroups: []string{"vteam.ambient-code"},
 				Resources: []string{"agenticsessions"},
-				Verbs:     []string{"get", "list", "watch", "update", "patch"},
+				Verbs:     []string{"get", "list", "watch", "create", "update", "patch"},
 			},
 			{
 				APIGroups: []string{"authorization.k8s.io"},
 				Resources: []string{"selfsubjectaccessreviews"},
 				Verbs:     []string{"create"},
 			},
+			{
+				// Allow sessions to read runner secrets for backend API validation
+				APIGroups: []string{""},
+				Resources: []string{"secrets"},
+				Verbs:     []string{"get"},
+			},
 		},
 	}
 	if _, err := config.K8sClient.RbacV1().Roles(sessionNamespace).Create(context.TODO(), role, v1.CreateOptions{}); err != nil {
