Skip to content

Commit

Permalink
Remove Endpoints write access from aggregated edit role
Browse files Browse the repository at this point in the history
  • Loading branch information
@robscott
robscott committed Jul 14, 2021
1 parent d6f2473 commit 416efda
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 2 deletions.
2 changes: 1 addition & 1 deletion plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -285,7 +285,7 @@ func ClusterRoles() []rbacv1.ClusterRole {

rbacv1helpers.NewRule(Write...).Groups(legacyGroup).Resources("pods", "pods/attach", "pods/proxy", "pods/exec", "pods/portforward").RuleOrDie(),
rbacv1helpers.NewRule(Write...).Groups(legacyGroup).Resources("replicationcontrollers", "replicationcontrollers/scale", "serviceaccounts",
"services", "services/proxy", "endpoints", "persistentvolumeclaims", "configmaps", "secrets", "events").RuleOrDie(),
"services", "services/proxy", "persistentvolumeclaims", "configmaps", "secrets", "events").RuleOrDie(),

rbacv1helpers.NewRule(Write...).Groups(discoveryGroup).Resources("endpointslices").RuleOrDie(),

Expand Down
1 change: 0 additions & 1 deletion plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,6 @@ items:
- ""
resources:
- configmaps
- endpoints
- events
- persistentvolumeclaims
- replicationcontrollers
Expand Down

0 comments on commit 416efda

Please sign in to comment.