implemented here: https://github.com/vitessio/vitess/tree/main/go/vt/vtadmin/rbac. VTAdmin checks RBAC rules in the route handlers with a call to IsAuthorized, for example: https://github.com/vitessio/vites granted access to via RBAC rules, that is a breach of security. An RBAC permission should only allow a user to carry out the actions against the resources that match the RBAC rules specified by the cluster review of Vitess. SLSA is a framework for assessing artifact integrity and ensure a secure supply chain for downstream users. In this part of the audit, we assessed Vitessʼs SLSA compliance by following

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Schema Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Check routing rules (optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Schema Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Check routing rules (optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Schema Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377 Check routing rules (optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Schema Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Schema Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 Check routing rules (optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Interlude: check the routing rules (optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300 Phase

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Schema Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . and sanitization – Add limits and avoid non-deterministic updates. – Query blacklisting – Customize rules to prevent potentially problematic queries from hitting your database. – Query killer – Terminate impact database performance for all users. Vitess employs a SQL parser that uses a configurable set of rules to rewrite queries that might hurt database performance. Sharding is a process of partitioning your

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Schema Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . and sanitization – Add limits and avoid non-deterministic updates. – Query blacklisting – Customize rules to prevent potentially problematic queries from hitting your database. – Query killer – Terminate impact database performance for all users. Vitess employs a SQL parser that uses a configurable set of rules to rewrite queries that might hurt database performance. Sharding is a process of partitioning your

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Schema Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a subscriber can indirectly receive and apply events from the binlog. A user can apply filtering rules to a VStream to obtain in depth information about what is going on under the hood at a given keyspace and sanitization – Add limits and avoid non-deterministic updates. – Query blacklisting – Customize rules to prevent potentially problematic queries from hitting your database. – Query killer – Terminate

was investigated for common problems like AllowPrivilegeEscalation, the application of name-space rules in the network policies, the running of pods in privileged mode, and the characteristics of the