Skip to content

Commit

Permalink
Merge pull request operator-framework#444 from ecordell/perms
Browse files Browse the repository at this point in the history
chore(rbac): add olm-specific ClusterRole
  • Loading branch information
ecordell authored Sep 5, 2018
2 parents df2ed24 + e6bc5c3 commit 53d1d32
Show file tree
Hide file tree
Showing 6 changed files with 12 additions and 21 deletions.
2 changes: 0 additions & 2 deletions .gitlab-ci.jsonnet
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,6 @@ local jobs = {
'builder': images.ci.alm.name,
'olm': images.prerelease.alm.name,
'catalog': images.prerelease.catalog.name,
'broker': images.prerelease.servicebroker.name,
'e2e': images.e2e.name,
}) +
docker.run(images.ci.alm.name, "make verify-codegen verify-catalog")
Expand All @@ -69,7 +68,6 @@ local jobs = {
script:
docker.rename(images.prerelease.alm.name, images.release.alm.name) +
docker.rename(images.prerelease.catalog.name, images.release.catalog.name) +
docker.rename(images.prerelease.servicebroker.name, images.release.servicebroker.name) +
docker.rename(images.e2e.name, images.e2elatest.name),

} + onlyMaster,
Expand Down
5 changes: 0 additions & 5 deletions .gitlab-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,12 +55,10 @@ container-build:
image: docker:git
script:
- docker build -f upstream.Dockerfile .
- "docker tag $(docker images --filter 'label=broker=true' --format '{{.CreatedAt}}\t{{.ID}}' | sort -nr | head -n 1 | cut -f2) quay.io/coreos/alm-service-broker-ci:${CI_COMMIT_REF_SLUG}-pre"
- "docker tag $(docker images --filter 'label=builder=true' --format '{{.CreatedAt}}\t{{.ID}}' | sort -nr | head -n 1 | cut -f2) quay.io/coreos/alm-ci:${CI_COMMIT_REF_SLUG}"
- "docker tag $(docker images --filter 'label=catalog=true' --format '{{.CreatedAt}}\t{{.ID}}' | sort -nr | head -n 1 | cut -f2) quay.io/coreos/catalog-ci:${CI_COMMIT_REF_SLUG}-pre"
- "docker tag $(docker images --filter 'label=e2e=true' --format '{{.CreatedAt}}\t{{.ID}}' | sort -nr | head -n 1 | cut -f2) quay.io/coreos/alm-e2e:${CI_COMMIT_REF_SLUG}-${SHA8}"
- "docker tag $(docker images --filter 'label=olm=true' --format '{{.CreatedAt}}\t{{.ID}}' | sort -nr | head -n 1 | cut -f2) quay.io/coreos/alm-ci:${CI_COMMIT_REF_SLUG}-pre"
- docker push quay.io/coreos/alm-service-broker-ci:${CI_COMMIT_REF_SLUG}-pre
- docker push quay.io/coreos/alm-ci:${CI_COMMIT_REF_SLUG}
- docker push quay.io/coreos/catalog-ci:${CI_COMMIT_REF_SLUG}-pre
- docker push quay.io/coreos/alm-e2e:${CI_COMMIT_REF_SLUG}-${SHA8}
Expand All @@ -87,9 +85,6 @@ container-release:
- docker pull quay.io/coreos/catalog-ci:${CI_COMMIT_REF_SLUG}-pre
- docker tag quay.io/coreos/catalog-ci:${CI_COMMIT_REF_SLUG}-pre quay.io/coreos/catalog:${CI_COMMIT_REF_SLUG}-${SHA8}
- docker push quay.io/coreos/catalog:${CI_COMMIT_REF_SLUG}-${SHA8}
- docker pull quay.io/coreos/alm-service-broker-ci:${CI_COMMIT_REF_SLUG}-pre
- docker tag quay.io/coreos/alm-service-broker-ci:${CI_COMMIT_REF_SLUG}-pre quay.io/coreos/alm-service-broker:${CI_COMMIT_REF_SLUG}-${SHA8}
- docker push quay.io/coreos/alm-service-broker:${CI_COMMIT_REF_SLUG}-${SHA8}
- docker pull quay.io/coreos/alm-e2e:${CI_COMMIT_REF_SLUG}-${SHA8}
- docker tag quay.io/coreos/alm-e2e:${CI_COMMIT_REF_SLUG}-${SHA8} quay.io/coreos/alm-e2e:latest
- docker push quay.io/coreos/alm-e2e:latest
Expand Down
10 changes: 0 additions & 10 deletions .gitlab-ci/vars.libsonnet
Original file line number Diff line number Diff line change
Expand Up @@ -37,11 +37,6 @@ local utils = import "utils.libsonnet";
tag: "${CI_COMMIT_REF_SLUG}-${SHA8}",
name: utils.containerName(self.repo, self.tag),
},
servicebroker: {
repo: "quay.io/coreos/alm-service-broker",
tag: "${CI_COMMIT_REF_SLUG}-${SHA8}",
name: utils.containerName(self.repo, self.tag),
},
},

ci: {
Expand Down Expand Up @@ -75,11 +70,6 @@ local utils = import "utils.libsonnet";
tag: "${CI_COMMIT_REF_SLUG}-pre",
name: utils.containerName(self.repo, self.tag),
},
servicebroker: {
repo: "quay.io/coreos/alm-service-broker-ci",
tag: "${CI_COMMIT_REF_SLUG}-pre",
name: utils.containerName(self.repo, self.tag),
},
},
},
}
10 changes: 10 additions & 0 deletions deploy/chart/templates/00-olm-operator.clusterrole.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: {{ .Values.rbacApiVersion }}/v1
kind: ClusterRole
metadata:
name: system:controller:operator-lifecycle-manager
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
- nonResourceURLs: ["*"]
verbs: ["*"]
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,3 @@ apiVersion: v1
metadata:
name: olm-operator-serviceaccount
namespace: {{ .Values.namespace }}
imagePullSecrets:
- name: coreos-pull-secret
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ kind: ClusterRoleBinding
metadata:
name: olm-operator-binding-{{ .Values.namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
apiGroup: {{ .Values.rbacApiVersion }}
kind: ClusterRole
name: cluster-admin
name: system:controller:operator-lifecycle-manager
subjects:
- kind: ServiceAccount
name: olm-operator-serviceaccount
Expand Down

0 comments on commit 53d1d32

Please sign in to comment.