From a3f44202c535b75f6a15558194fe4918fb80e4c4 Mon Sep 17 00:00:00 2001
From: Francis Nijay
Date: Tue, 19 Mar 2024 18:04:56 +0530
Subject: [PATCH] Remove secret create restriction by resourcenames (#529)

* Removed restriction by resourcenames
* Moved permissions from clusterrole to role
* Moved permissions from clusterrole to role
* Update statefulset.yaml
* Update statefulset.yaml
* Update statefulset.yaml
* Added list permission for secret at cluster level
* removed list secret
* review changes
* review changes
---------
Co-authored-by: Jooseppi Luna
(cherry picked from commit 7520e8acfd8796914fa64d77a417a29757bbe3d5)
---
 .../v1.0.0/statefulset.yaml | 39 +++++++++++--------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml
index 57475afdb..5c4ad6381 100644
--- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml
+++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml
@@ -42,7 +42,7 @@ rules:
 verbs: ["list", "watch"]
 - apiGroups: [""]
 resources: ["namespaces"]
- verbs: ["get", "list", "watch", "create"]
+ verbs: ["get", "list", "watch"]
 - apiGroups: [""]
 resources: ["persistentvolumeclaims"]
 verbs: ["list", "watch"]
@@ -67,21 +67,12 @@ rules:
 - apiGroups: ["storage.k8s.io"]
 resources: ["csidrivers"]
 verbs: ["list", "watch", "get"]
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "create", "delete", "update"]
 - apiGroups: ["storage.dell.com"]
 resources: ["containerstoragemodules"]
- verbs: ["list", "create", "get", "delete", "watch"]
+ verbs: ["list", "get", "watch"]
 - apiGroups: ["mobility.storage.dell.com"]
 resources: ["backups"]
- verbs: ["list", "create", "get"]
- - apiGroups: ["cert-manager.io"]
- resources: ["issuers"]
- verbs: ["list", "get", "create", "delete"]
- - apiGroups: ["cert-manager.io"]
- resources: ["certificates"]
- verbs: ["list", "get", "create", "delete"]
+ verbs: ["list", "get"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -105,7 +96,10 @@ metadata:
 rules:
 - apiGroups: [""]
 resources: ["secrets"]
- verbs: ["list","get", "create", "update", "delete"]
+ verbs: ["list","get", "create", "update", "delete", "watch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "create", "delete", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -129,8 +123,7 @@ metadata:
 rules:
 - apiGroups: [""]
 resources: ["secrets"]
- resourceNames: ["iv", "dls-license"]
- verbs: ["list","get", "create", "update", "delete"]
+ verbs: ["get", "create", "update", "delete", "watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -154,7 +147,10 @@ metadata:
 rules:
 - apiGroups: [""]
 resources: ["secrets"]
- verbs: ["list","get", "create", "update", "delete"]
+ verbs: ["list","get", "create", "update", "delete", "watch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "create", "delete", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
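Review bot: In the `@@ -67,21 +67,12 @@` hunk the `cert-manager.io` rules for `issuers` and `certificates` are dropped from the ClusterRole, and none of the Role hunks visible in this patch adds them back, unlike `configmaps`, `containerstoragemodules` and `backups`. If the connectivity client still creates or deletes Issuers or Certificates, those requests will be denied after this change unless a rule outside these hunks covers them. Either re-add the two rules to the namespaced Role that needs them, or record the removal next to the remaining rules with a comment such as `# cert-manager issuers/certificates are no longer managed by this client`. The ClusterRole's `rules:` list starts above the hunk, so earlier entries were not checked.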
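Review bot: In the `@@ -105,7 +96,10 @@` hunk the `secrets` rule gains `watch` next to `list` with no `resourceNames`, so the bound service account can read and stream the contents of every Secret in the Role's namespace, not only the ones the client owns. The same rule shape is repeated in the `@@ -154,7 +147,10 @@` and `@@ -178,7 +174,16 @@` hunks. The Role's `metadata` (and therefore its namespace) lies outside the hunk; if that namespace also holds other workloads' credentials the grant is worth narrowing. In any case a comment above the rule, e.g. `# list/watch on secrets: <reason>; this namespace holds only <owner> secrets`, would record why the broad read is intended.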
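Review bot: In the `@@ -129,8 +123,7 @@` hunk, dropping `resourceNames: ["iv", "dls-license"]` widens `get`, `update` and `delete` from two named Secrets to every Secret in the Role's namespace, although only `create` needs the change: RBAC cannot match `create` against `resourceNames` because the object name is not known when the request is authorized. Splitting the rule keeps the name restriction for the verbs that support it and grants `create` on its own. `list` and `watch` are left out of the sketch below; if the client needs them they have to sit in the unrestricted rule, which again exposes all Secret contents in that namespace, so that need should be confirmed first. The Role's `metadata` is outside the hunk, so the affected namespace cannot be seen here.

```yaml
rules:
  # Name-scoped verbs stay limited to the two Secrets this client owns.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["iv", "dls-license"]
    verbs: ["get", "update", "delete"]
  # create cannot be restricted by resourceNames, so it gets its own rule.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
```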
@@ -178,7 +174,16 @@ metadata:
 rules:
 - apiGroups: [""]
 resources: ["secrets"]
- verbs: ["list","get", "create", "update", "delete"]
+ verbs: ["list","get", "create", "update", "delete","watch"]
+ - apiGroups: ["storage.dell.com"]
+ resources: ["containerstoragemodules"]
+ verbs: ["create", "delete"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "create", "delete", "update"]
+ - apiGroups: ["mobility.storage.dell.com"]
+ resources: ["backups"]
+ verbs: ["create"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
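Review bot: The new `containerstoragemodules` rule grants only `create` and `delete`, and the new `backups` rule only `create`, with nothing in the file saying where the read verbs come from. They are supplied by the ClusterRole edited earlier in this patch, so the two objects now have to stay in step. A comment above each rule, e.g. `# get/list/watch for this resource are granted by the ClusterRole`, would stop a later editor from "completing" the verb list and re-widening the Role. The `secrets` line here also writes `"delete","watch"` without the space used in the other hunks. The Role's `metadata` is outside the hunk, so its namespace cannot be checked from here.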