RBAC rules for activedirectoryidentityprovider
This commit is contained in:
parent
3b8edb84a5
commit
be6f9f83ce
@ -40,6 +40,14 @@ rules:
|
|||||||
- #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
|
- #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
|
||||||
resources: [ldapidentityproviders/status]
|
resources: [ldapidentityproviders/status]
|
||||||
verbs: [get, patch, update]
|
verbs: [get, patch, update]
|
||||||
|
- apiGroups:
|
||||||
|
- #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
|
||||||
|
resources: [activedirectoryidentityproviders]
|
||||||
|
verbs: [get, list, watch]
|
||||||
|
- apiGroups:
|
||||||
|
- #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
|
||||||
|
resources: [activedirectoryidentityproviders/status]
|
||||||
|
verbs: [get, patch, update]
|
||||||
#! We want to be able to read pods/replicasets/deployment so we can learn who our deployment is to set
|
#! We want to be able to read pods/replicasets/deployment so we can learn who our deployment is to set
|
||||||
#! as an owner reference.
|
#! as an owner reference.
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
// Package activedirectoryupstreamwatcher implements a controller which watches LDAPIdentityProviders.
|
// Package activedirectoryupstreamwatcher implements a controller which watches ActiveDirectoryIdentityProviders.
|
||||||
package activedirectoryupstreamwatcher
|
package activedirectoryupstreamwatcher
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
@ -184,6 +184,20 @@ func TestGetAPIResourceList(t *testing.T) {
|
|||||||
Kind: "LDAPIdentityProvider",
|
Kind: "LDAPIdentityProvider",
|
||||||
Verbs: []string{"get", "patch", "update"},
|
Verbs: []string{"get", "patch", "update"},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Name: "activedirectoryidentityproviders",
|
||||||
|
SingularName: "activedirectoryidentityprovider",
|
||||||
|
Namespaced: true,
|
||||||
|
Kind: "ActiveDirectoryIdentityProvider",
|
||||||
|
Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"},
|
||||||
|
Categories: []string{"pinniped", "pinniped-idp", "pinniped-idps"},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "activedirectoryidentityproviders/status",
|
||||||
|
Namespaced: true,
|
||||||
|
Kind: "ActiveDirectoryIdentityProvider",
|
||||||
|
Verbs: []string{"get", "patch", "update"},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Loading…
Reference in New Issue
Block a user