RBAC rules for ldapidentityproviders to grant permissions to controller

2021-04-13 17:26:53 -07:00 · 2021-04-13 17:26:53 -07:00 · 6bba529b10
parent 14ff5ee4ff
commit 6bba529b10
1 changed files with 8 additions and 0 deletions
--- a/deploy/supervisor/rbac.yaml
+++ b/deploy/supervisor/rbac.yaml
@ -32,6 +32,14 @@ rules:
      - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
    resources: [oidcidentityproviders/status]
    verbs: [get, patch, update]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
+    resources: [ldapidentityproviders]
+    verbs: [get, list, watch]
+  - apiGroups:
+      - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
+    resources: [ldapidentityproviders/status]
+    verbs: [get, patch, update]
    #! We want to be able to read pods/replicasets/deployment so we can learn who our deployment is to set
    #! as an owner reference.
  - apiGroups: [""]