Skip to content

Commit

Permalink
update controller roles
Browse files Browse the repository at this point in the history
  • Loading branch information
@deads2k
deads2k committed Sep 6, 2017
1 parent 5c3d1c9 commit 0818d57
Show file tree
Hide file tree
Showing 2 changed files with 63 additions and 9 deletions.
4 changes: 3 additions & 1 deletion pkg/cmd/server/bootstrappolicy/controller_policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ func init() {
ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + InfraBuildControllerServiceAccountName},
Rules: []rbac.PolicyRule{
rbac.NewRule("get", "list", "watch", "patch", "update", "delete").Groups(buildGroup, legacyBuildGroup).Resources("builds").RuleOrDie(),
rbac.NewRule("update").Groups(buildGroup, legacyBuildGroup).Resources("builds/finalizers").RuleOrDie(),
rbac.NewRule("get").Groups(buildGroup, legacyBuildGroup).Resources("buildconfigs").RuleOrDie(),
rbac.NewRule("create").Groups(buildGroup, legacyBuildGroup).Resources("builds/optimizeddocker", "builds/docker", "builds/source", "builds/custom", "builds/jenkinspipeline").RuleOrDie(),
rbac.NewRule("get", "list").Groups(imageGroup, legacyImageGroup).Resources("imagestreams").RuleOrDie(),
Expand Down Expand Up @@ -136,7 +137,8 @@ func init() {
Rules: []rbac.PolicyRule{
rbac.NewRule("create", "get", "list", "watch", "update", "patch", "delete").Groups(kapiGroup).Resources("replicationcontrollers").RuleOrDie(),
rbac.NewRule("update").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs/status").RuleOrDie(),
rbac.NewRule("get", "list", "watch", "delete").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs").RuleOrDie(),
rbac.NewRule("update").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs/finalizers").RuleOrDie(),
rbac.NewRule("get", "list", "watch").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs").RuleOrDie(),
eventsRule(),
},
})
Expand Down
68 changes: 60 additions & 8 deletions test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2784,6 +2784,13 @@ items:
- patch
- update
- watch
- apiGroups:
- ""
- build.openshift.io
resources:
- builds/finalizers
verbs:
- update
- apiGroups:
- ""
- build.openshift.io
Expand Down Expand Up @@ -2955,13 +2962,19 @@ items:
- deploymentconfigs/status
verbs:
- update
- apiGroups:
- ""
- apps.openshift.io
resources:
- deploymentconfigs/finalizers
verbs:
- update
- apiGroups:
- ""
- apps.openshift.io
resources:
- deploymentconfigs
verbs:
- delete
- get
- list
- watch
Expand Down Expand Up @@ -3799,7 +3812,6 @@ items:
resources:
- cronjobs
verbs:
- delete
- get
- list
- update
Expand All @@ -3822,6 +3834,12 @@ items:
- cronjobs/status
verbs:
- update
- apiGroups:
- batch
resources:
- cronjobs/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -3849,20 +3867,28 @@ items:
name: system:controller:daemon-set-controller
rules:
- apiGroups:
- apps
- extensions
resources:
- daemonsets
verbs:
- delete
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- daemonsets/status
verbs:
- update
- apiGroups:
- apps
- extensions
resources:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -3922,7 +3948,6 @@ items:
resources:
- deployments
verbs:
- delete
- get
- list
- update
Expand All @@ -3934,6 +3959,13 @@ items:
- deployments/status
verbs:
- update
- apiGroups:
- apps
- extensions
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- extensions
resources:
Expand Down Expand Up @@ -4199,7 +4231,6 @@ items:
resources:
- jobs
verbs:
- delete
- get
- list
- update
Expand All @@ -4210,6 +4241,12 @@ items:
- jobs/status
verbs:
- update
- apiGroups:
- batch
resources:
- jobs/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -4451,7 +4488,6 @@ items:
resources:
- replicasets
verbs:
- delete
- get
- list
- update
Expand All @@ -4462,6 +4498,12 @@ items:
- replicasets/status
verbs:
- update
- apiGroups:
- extensions
resources:
- replicasets/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -4496,7 +4538,6 @@ items:
resources:
- replicationcontrollers
verbs:
- delete
- get
- list
- update
Expand All @@ -4507,6 +4548,12 @@ items:
- replicationcontrollers/status
verbs:
- update
- apiGroups:
- ""
resources:
- replicationcontrollers/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -4677,7 +4724,6 @@ items:
resources:
- statefulsets
verbs:
- delete
- get
- list
- watch
Expand All @@ -4687,6 +4733,12 @@ items:
- statefulsets/status
verbs:
- update
- apiGroups:
- apps
resources:
- statefulsets/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down

0 comments on commit 0818d57

Please sign in to comment.