Skip to content

Commit

Permalink
Merge pull request #16182 from deads2k/server-43-deletion
Browse files Browse the repository at this point in the history 
Automatic merge from submit-queue (batch tested with PRs 15994, 16182, 16190, 16174)

UPSTREAM: 49133: add controller permissions to set blockOwnerDeletion

It's going to take a couple runs here to find an fix the openshift roles that need updating.
  • Loading branch information
@openshift-merge-robot
openshift-merge-robot committed Sep 7, 2017
2 parents bccbe9c + 0818d57 commit 52567ea
Show file tree
Hide file tree
Showing 6 changed files with 140 additions and 27 deletions.
4 changes: 3 additions & 1 deletion pkg/cmd/server/bootstrappolicy/controller_policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ func init() {
ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + InfraBuildControllerServiceAccountName},
Rules: []rbac.PolicyRule{
rbac.NewRule("get", "list", "watch", "patch", "update", "delete").Groups(buildGroup, legacyBuildGroup).Resources("builds").RuleOrDie(),
rbac.NewRule("update").Groups(buildGroup, legacyBuildGroup).Resources("builds/finalizers").RuleOrDie(),
rbac.NewRule("get").Groups(buildGroup, legacyBuildGroup).Resources("buildconfigs").RuleOrDie(),
rbac.NewRule("create").Groups(buildGroup, legacyBuildGroup).Resources("builds/optimizeddocker", "builds/docker", "builds/source", "builds/custom", "builds/jenkinspipeline").RuleOrDie(),
rbac.NewRule("get", "list").Groups(imageGroup, legacyImageGroup).Resources("imagestreams").RuleOrDie(),
Expand Down Expand Up @@ -136,7 +137,8 @@ func init() {
Rules: []rbac.PolicyRule{
rbac.NewRule("create", "get", "list", "watch", "update", "patch", "delete").Groups(kapiGroup).Resources("replicationcontrollers").RuleOrDie(),
rbac.NewRule("update").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs/status").RuleOrDie(),
rbac.NewRule("get", "list", "watch", "delete").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs").RuleOrDie(),
rbac.NewRule("update").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs/finalizers").RuleOrDie(),
rbac.NewRule("get", "list", "watch").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs").RuleOrDie(),
eventsRule(),
},
})
Expand Down
68 changes: 60 additions & 8 deletions test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2784,6 +2784,13 @@ items:
- patch
- update
- watch
- apiGroups:
- ""
- build.openshift.io
resources:
- builds/finalizers
verbs:
- update
- apiGroups:
- ""
- build.openshift.io
Expand Down Expand Up @@ -2955,13 +2962,19 @@ items:
- deploymentconfigs/status
verbs:
- update
- apiGroups:
- ""
- apps.openshift.io
resources:
- deploymentconfigs/finalizers
verbs:
- update
- apiGroups:
- ""
- apps.openshift.io
resources:
- deploymentconfigs
verbs:
- delete
- get
- list
- watch
Expand Down Expand Up @@ -3799,7 +3812,6 @@ items:
resources:
- cronjobs
verbs:
- delete
- get
- list
- update
Expand All @@ -3822,6 +3834,12 @@ items:
- cronjobs/status
verbs:
- update
- apiGroups:
- batch
resources:
- cronjobs/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -3849,20 +3867,28 @@ items:
name: system:controller:daemon-set-controller
rules:
- apiGroups:
- apps
- extensions
resources:
- daemonsets
verbs:
- delete
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- daemonsets/status
verbs:
- update
- apiGroups:
- apps
- extensions
resources:
- daemonsets/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -3922,7 +3948,6 @@ items:
resources:
- deployments
verbs:
- delete
- get
- list
- update
Expand All @@ -3934,6 +3959,13 @@ items:
- deployments/status
verbs:
- update
- apiGroups:
- apps
- extensions
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- extensions
resources:
Expand Down Expand Up @@ -4199,7 +4231,6 @@ items:
resources:
- jobs
verbs:
- delete
- get
- list
- update
Expand All @@ -4210,6 +4241,12 @@ items:
- jobs/status
verbs:
- update
- apiGroups:
- batch
resources:
- jobs/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -4451,7 +4488,6 @@ items:
resources:
- replicasets
verbs:
- delete
- get
- list
- update
Expand All @@ -4462,6 +4498,12 @@ items:
- replicasets/status
verbs:
- update
- apiGroups:
- extensions
resources:
- replicasets/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -4496,7 +4538,6 @@ items:
resources:
- replicationcontrollers
verbs:
- delete
- get
- list
- update
Expand All @@ -4507,6 +4548,12 @@ items:
- replicationcontrollers/status
verbs:
- update
- apiGroups:
- ""
resources:
- replicationcontrollers/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -4677,7 +4724,6 @@ items:
resources:
- statefulsets
verbs:
- delete
- get
- list
- watch
Expand All @@ -4687,6 +4733,12 @@ items:
- statefulsets/status
verbs:
- update
- apiGroups:
- apps
resources:
- statefulsets/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
Expand Down
5 changes: 3 additions & 2 deletions vendor/k8s.io/kubernetes/plugin/pkg/admission/gc/gc_admission.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 13 additions & 1 deletion vendor/k8s.io/kubernetes/plugin/pkg/admission/gc/gc_admission_test.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

23 changes: 15 additions & 8 deletions ...or/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 52567ea

Please sign in to comment.