diff --git a/charts/kubescape-operator/templates/synchronizer/clusterrole.yaml b/charts/kubescape-operator/templates/synchronizer/clusterrole.yaml
index 25be8772..96d3dc35 100644
--- a/charts/kubescape-operator/templates/synchronizer/clusterrole.yaml
+++ b/charts/kubescape-operator/templates/synchronizer/clusterrole.yaml
@@ -9,12 +9,18 @@ rules:
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
 - apiGroups: ["apps"]
- resources: ["deployments"]
+ resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["batch"]
+ resources: ["jobs", "cronjobs"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["networkpolicies"]
 verbs: ["get", "list", "watch"]
 - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
- resources: ["applicationactivities", "applicationprofiles", "applicationprofilesummaries", "configurationscansummaries", "networkneighborses", "openvulnerabilityexchangecontainers", "sbomspdxv2p3s", "sbomspdxv2p3filtereds", "sbomsummaries", "vulnerabilitymanifests", "vulnerabilitymanifestsummaries", "vulnerabilitysummaries", "workloadconfigurationscans", "workloadconfigurationscansummaries"]
+ resources: ["applicationactivities", "applicationprofiles", "networkneighborses"]
 verbs: ["get", "watch", "list"]
-# - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
-# resources: ["knownservers"]
-# verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+ - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
+ resources: ["knownservers"]
+ verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 {{- end }}
diff --git a/charts/kubescape-operator/templates/synchronizer/configmap.yaml b/charts/kubescape-operator/templates/synchronizer/configmap.yaml
index e387b2f7..43946310 100644
--- a/charts/kubescape-operator/templates/synchronizer/configmap.yaml
+++ b/charts/kubescape-operator/templates/synchronizer/configmap.yaml
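Review bot: The write verbs on `knownservers` at the end of the clusterrole.yaml hunk need a stated justification. This rule grants `create`, `update`, `patch` and `delete` through a ClusterRole, while every other rule visible in the hunk is read-only, and the lines it replaces were commented out with no explanation. Confirm that each write verb is actually exercised by the synchronizer (`patch` alongside `update`, and `delete`, are the ones to check) and drop any that are not. A comment above the rule, for example `# knownservers objects are written into the cluster by the synchronizer, hence the write verbs`, would record the intent if that is indeed the direction of the sync, which the hunk does not show. The rules list starts above the hunk, so rules before `pods` are not visible here.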
@@ -18,57 +18,69 @@ data:
 "strategy": "patch"
 },
 {
- "group": "",
+ "group": "apps",
 "version": "v1",
- "resource": "pods",
+ "resource": "statefulsets",
 "strategy": "patch"
 },
 {
- "group": "spdx.softwarecomposition.kubescape.io",
- "version": "v1beta1",
- "resource": "sbomspdxv2p3s",
- "strategy": "copy"
+ "group": "apps",
+ "version": "v1",
+ "resource": "daemonsets",
+ "strategy": "patch"
 },
 {
- "group": "spdx.softwarecomposition.kubescape.io",
- "version": "v1beta1",
- "resource": "sbomspdxv2p3filtereds",
- "strategy": "copy"
+ "group": "apps",
+ "version": "v1",
+ "resource": "replicasets",
+ "strategy": "patch"
 },
 {
- "group": "spdx.softwarecomposition.kubescape.io",
- "version": "v1beta1",
- "resource": "vulnerabilitymanifests",
- "strategy": "copy"
+ "group": "batch",
+ "version": "v1",
+ "resource": "jobs",
+ "strategy": "patch"
 },
 {
- "group": "spdx.softwarecomposition.kubescape.io",
- "version": "v1beta1",
- "resource": "workloadconfigurationscans",
- "strategy": "copy"
+ "group": "batch",
+ "version": "v1",
+ "resource": "cronjobs",
+ "strategy": "patch"
+ },
+ {
+ "group": "",
+ "version": "v1",
+ "resource": "pods",
+ "strategy": "patch"
+ },
+ {
+ "group": "networking.k8s.io",
+ "version": "v1",
+ "resource": "networkpolicies",
+ "strategy": "patch"
 },
 {
 "group": "spdx.softwarecomposition.kubescape.io",
 "version": "v1beta1",
- "resource": "applicationprofiles",
+ "resource": "applicationactivities",
 "strategy": "copy"
 },
 {
 "group": "spdx.softwarecomposition.kubescape.io",
 "version": "v1beta1",
- "resource": "applicationactivities",
+ "resource": "applicationprofiles",
 "strategy": "copy"
 },
 {
 "group": "spdx.softwarecomposition.kubescape.io",
 "version": "v1beta1",
- "resource": "networkneighborses",
+ "resource": "knownservers",
 "strategy": "copy"
 },
 {
 "group": "spdx.softwarecomposition.kubescape.io",
 "version": "v1beta1",
- "resource": "openvulnerabilityexchangecontainers",
+ "resource": "networkneighborses",
 "strategy": "copy"
 }
 ]
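Review bot: Nothing in this template records that its resource list has to be edited in lockstep with the rules in `synchronizer/clusterrole.yaml`. Every group/resource pair added here (`statefulsets`, `daemonsets`, `replicasets`, `jobs`, `cronjobs`, `networkpolicies`, `knownservers`) needs a matching RBAC rule. A rule with no entry here is privilege the ServiceAccount holds but never uses, and an entry with no rule would presumably only show up at runtime as a failed list or watch. A Helm comment at the top of the template, such as `{{- /* keep in sync with synchronizer/clusterrole.yaml: one RBAC rule per group/resource listed below */ -}}`, would make the coupling explicit. The list begins above the hunk, so the entries before `statefulsets` are not visible here.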
diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index 710e38fe..9bfa1cd4 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -2716,6 +2716,26 @@ matches the snapshot: - apps resources: - deployments + - statefulsets + - daemonsets + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies verbs: - get - list @@ -2725,22 +2745,23 @@ matches the snapshot: resources: - applicationactivities - applicationprofiles - - applicationprofilesummaries - - configurationscansummaries - networkneighborses - - openvulnerabilityexchangecontainers - - sbomspdxv2p3s - - sbomspdxv2p3filtereds - - sbomsummaries - - vulnerabilitymanifests - - vulnerabilitymanifestsummaries - - vulnerabilitysummaries - - workloadconfigurationscans - - workloadconfigurationscansummaries verbs: - get - watch - list + - apiGroups: + - spdx.softwarecomposition.kubescape.io + resources: + - knownservers + verbs: + - get + - watch + - list + - create + - update + - patch + - delete 77: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
@@ -2768,57 +2789,69 @@ matches the snapshot: "strategy": "patch" }, { - "group": "", + "group": "apps", "version": "v1", - "resource": "pods", + "resource": "statefulsets", "strategy": "patch" }, { - "group": "spdx.softwarecomposition.kubescape.io", - "version": "v1beta1", - "resource": "sbomspdxv2p3s", - "strategy": "copy" + "group": "apps", + "version": "v1", + "resource": "daemonsets", + "strategy": "patch" }, { - "group": "spdx.softwarecomposition.kubescape.io", - "version": "v1beta1", - "resource": "sbomspdxv2p3filtereds", - "strategy": "copy" + "group": "apps", + "version": "v1", + "resource": "replicasets", + "strategy": "patch" }, { - "group": "spdx.softwarecomposition.kubescape.io", - "version": "v1beta1", - "resource": "vulnerabilitymanifests", - "strategy": "copy" + "group": "batch", + "version": "v1", + "resource": "jobs", + "strategy": "patch" }, { - "group": "spdx.softwarecomposition.kubescape.io", - "version": "v1beta1", - "resource": "workloadconfigurationscans", - "strategy": "copy" + "group": "batch", + "version": "v1", + "resource": "cronjobs", + "strategy": "patch" + }, + { + "group": "", + "version": "v1", + "resource": "pods", + "strategy": "patch" + }, + { + "group": "networking.k8s.io", + "version": "v1", + "resource": "networkpolicies", + "strategy": "patch" }, { "group": "spdx.softwarecomposition.kubescape.io", "version": "v1beta1", - "resource": "applicationprofiles", + "resource": "applicationactivities", "strategy": "copy" }, { "group": "spdx.softwarecomposition.kubescape.io", "version": "v1beta1", - "resource": "applicationactivities", + "resource": "applicationprofiles", "strategy": "copy" }, { "group": "spdx.softwarecomposition.kubescape.io", "version": "v1beta1", - "resource": "networkneighborses", + "resource": "knownservers", "strategy": "copy" }, { "group": "spdx.softwarecomposition.kubescape.io", "version": "v1beta1", - "resource": "openvulnerabilityexchangecontainers", + "resource": "networkneighborses", "strategy": "copy" } ] 
@@ -2855,7 +2888,7 @@ matches the snapshot: checksum/cloud-config: 253f0c05e8d2915ab3627479c2f810d8cf3d40b03c0807ec6af34da0e1d1e049 checksum/cloud-secret: 7a52a6a06abb711221729ad1ea112ce6b3d64144afde7ff807e46ed477fa2fe6 checksum/proxy-config: f2071cad863e27de0eec2175d24d505135c28d48c11a520ad04a9f4f8a5ac0b7 - checksum/synchronizer-configmap: 2ab60c33d0833338d971786cb779679455f5fa0ca12bee84f0aecb995a8a2e79 + checksum/synchronizer-configmap: 848dd8561ee759e419b37415a20528258c55a5ece19bb07df5df328bd0378fa7 labels: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME