Add secret list and watch permissions to RBAC rules for agones-contro…
…ller service account (#762)
pooneh-m authored and markmandel committed May 9, 2019
1 parent 256c339 commit 708ec07
Showing 5 changed files with 16 additions and 11 deletions.
@@ -44,7 +44,7 @@ rules:
resources: ["pods"]
verbs: ["create", "delete", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
resources: ["nodes", "secrets"]
verbs: ["list", "watch"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
@@ -65,6 +65,7 @@ rules:
resources: ["gameserverallocationpolicies"]
verbs: ["create", "delete", "get", "list", "update", "watch"]


---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
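Review bot: Adding `secrets` to the `nodes` rule gives the agones-controller service account `list` and `watch` on Secrets wherever this role is bound, and the binding that follows is a `ClusterRoleBinding`, so the grant appears to be cluster-wide; a `list` response carries the full Secret data, so this amounts to read access to every Secret in the cluster. If the controller only needs the Secrets that hold the client certificate, key and CA used for remote allocation, a namespaced `Role` and `RoleBinding` for the namespace holding them would keep the grant to what is used, with `nodes` left on its own rule. Whichever scope is kept, a comment above the rule such as `# secrets: client TLS material for remote-cluster allocation` would record why the access exists. The same rule change appears in install/yaml/install.yaml. The rules list starts above this hunk, so the role's kind is inferred from the binding.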
3 changes: 2 additions & 1 deletion install/yaml/install.yaml
@@ -42,7 +42,7 @@ rules:
resources: ["pods"]
verbs: ["create", "delete", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
resources: ["nodes", "secrets"]
verbs: ["list", "watch"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
@@ -63,6 +63,7 @@ rules:
resources: ["gameserverallocationpolicies"]
verbs: ["create", "delete", "get", "list", "update", "watch"]


---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
7 changes: 4 additions & 3 deletions pkg/gameserverallocations/controller.go
@@ -70,9 +70,9 @@ var (
)

const (
secretClientCertName = "client-cert"
secretClientKeyName = "client-key"
secretCaCertName = "ca-cert"
secretClientCertName = "client.crt"
secretClientKeyName = "client.key"
secretCaCertName = "ca.crt"
)

// Controller is a the GameServerAllocation controller
@@ -375,6 +375,7 @@ func (c *Controller) allocateFromRemoteCluster(gsa v1alpha1.GameServerAllocation
return nil, err
}
if response.StatusCode >= 400 {
// For error responses return the body without deserializing to an object.
return nil, errors.New(string(data))
}

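Review bot: In `allocateFromRemoteCluster`, the `response.StatusCode >= 400` branch turns the remote cluster's raw response body into the whole error via `errors.New(string(data))`, so the status code is lost and content supplied by the remote endpoint flows unchanged into whatever logs or API responses surface this error. Consider building the message from `response.StatusCode` plus a length-bounded `data`, and have the new comment say so: `// Error responses are returned as text; the body comes from the remote cluster and is not trusted.` Separately, the renamed keys `client.crt`, `client.key` and `ca.crt` will no longer match Secrets created with the old `client-cert`/`client-key`/`ca-cert` keys, so existing Secrets would need to be recreated unless the lookup, which is outside this hunk, also accepts the old names. The function body starts and ends outside the hunk.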
12 changes: 6 additions & 6 deletions pkg/gameserverallocations/controller_test.go
@@ -1014,7 +1014,7 @@ func TestCreateRestClientError(t *testing.T) {
return true, &corev1.SecretList{
Items: []corev1.Secret{{
Data: map[string][]byte{
"client-cert": clientCert,
"client.crt": clientCert,
},
ObjectMeta: metav1.ObjectMeta{
Name: "secret-name",
@@ -1038,8 +1038,8 @@ func TestCreateRestClientError(t *testing.T) {
return true, &corev1.SecretList{
Items: []corev1.Secret{{
Data: map[string][]byte{
"client-cert": []byte("XXX"),
"client-key": []byte("XXX"),
"client.crt": []byte("XXX"),
"client.key": []byte("XXX"),
},
ObjectMeta: metav1.ObjectMeta{
Name: "secret-name",
@@ -1159,9 +1159,9 @@ func getTestSecret(secretName string, serverCert []byte) *corev1.SecretList {
Items: []corev1.Secret{
{
Data: map[string][]byte{
"ca-cert": serverCert,
"client-key": clientKey,
"client-cert": clientCert,
"ca.crt": serverCert,
"client.key": clientKey,
"client.crt": clientCert,
},
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
2 changes: 2 additions & 0 deletions site/content/en/docs/Reference/agones_crd_api_reference.html
@@ -2227,6 +2227,8 @@ <h3 id="WebhookPolicy">WebhookPolicy





{{% feature publishVersion="0.10.0" %}}
<p>Packages:</p>
<ul>
