Skip to content

Commit

Permalink
Revert "Merge pull request Mellanox#596 from adrianchiris/removed-wil…
Browse files Browse the repository at this point in the history 
…dcard-permissions"

This reverts commit 1804ba4, reversing
changes made to 40af795.

Signed-off-by: Fred Rolland <frolland@nvidia.com>
  • Loading branch information
@rollandf
rollandf committed Sep 18, 2023
1 parent 1804ba4 commit 5febfe5
Show file tree
Hide file tree
Showing 7 changed files with 19 additions and 26 deletions.
5 changes: 3 additions & 2 deletions config/manager/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,6 @@ configMapGenerator:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: mellanox/network-operator
- digest: sha256:7005fa24a1ae52d927e76d50d90fddf6b6c7b08885a2dad3c7e5e2c2ac21c834
name: controller
newName: nvcr.io/nvidia/cloud-native/network-operator
20 changes: 7 additions & 13 deletions config/rbac/role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,13 @@ rules:
- apiGroups:
- k8s.cni.cncf.io
resources:
- network-attachment-definitions
- '*'
verbs:
- '*'
- apiGroups:
- mellanox.com
resources:
- '*'
verbs:
- create
- delete
Expand Down Expand Up @@ -227,18 +233,6 @@ rules:
- get
- patch
- update
- apiGroups:
- mellanox.com
resources:
- nicclusterpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
Expand Down
3 changes: 1 addition & 2 deletions controllers/hostdevicenetwork_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,9 @@ type HostDeviceNetworkReconciler struct {
stateManager state.Manager
}

//nolint:lll
// +kubebuilder:rbac:groups=mellanox.com,resources=hostdevicenetworks,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=mellanox.com,resources=hostdevicenetworks/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=network-attachment-definitions,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=*,verbs=*

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
Expand Down
4 changes: 2 additions & 2 deletions controllers/ipoibnetwork_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,10 @@ type IPoIBNetworkReconciler struct {
stateManager state.Manager
}

//nolint:lll
// +kubebuilder:rbac:groups=mellanox.com,resources=ipoibnetworks,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=mellanox.com,resources=ipoibnetworks/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=network-attachment-definitions,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=mellanox.com,resources=*,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=*,verbs=*

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
Expand Down
4 changes: 2 additions & 2 deletions controllers/macvlannetwork_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ type MacvlanNetworkReconciler struct {
stateManager state.Manager
}

//nolint:lll
// +kubebuilder:rbac:groups=mellanox.com,resources=macvlannetworks,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=mellanox.com,resources=macvlannetworks/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=network-attachment-definitions,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=mellanox.com,resources=*,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=*,verbs=*

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
Expand Down
5 changes: 2 additions & 3 deletions controllers/nicclusterpolicy_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,9 +54,8 @@ type NicClusterPolicyReconciler struct {
}

// In case of adding support for additional types, also update in getSupportedGVKs func in pkg/state/state_skel.go

//nolint:lll
// +kubebuilder:rbac:groups=mellanox.com,resources=nicclusterpolicies,verbs=get;list;watch;create;update;patch;delete
//nolint
// +kubebuilder:rbac:groups=mellanox.com,resources=*,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=security.openshift.io,resourceNames=privileged,resources=securitycontextconstraints,verbs=use
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings;roles;rolebindings,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=policy,resources=podsecuritypolicies,verbs=get;list;watch;create;update;patch;delete
Expand Down
4 changes: 2 additions & 2 deletions controllers/upgrade_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ const plannedRequeueInterval = time.Minute * 2
// UpgradeStateAnnotation is kept for backwards cleanup TODO: drop in 2 releases
const UpgradeStateAnnotation = "nvidia.com/ofed-upgrade-state"

//nolint:lll
// +kubebuilder:rbac:groups=mellanox.com,resources=nicclusterpolicies,verbs=get;list;watch;create;update;patch;delete
//nolint
// +kubebuilder:rbac:groups=mellanox.com,resources=*,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch;update;patch
// +kubebuilder:rbac:groups="",resources=pods,verbs=list
// +kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;replicasets;statefulsets;controllerrevisions,verbs=get;list;watch;create;update;patch;delete
Expand Down

0 comments on commit 5febfe5

Please sign in to comment.