From de88ae2f61ccb0f8b2abe15bd6436ae54078963e Mon Sep 17 00:00:00 2001 From: Monis Khan Date: Wed, 10 Feb 2021 18:02:18 -0500 Subject: [PATCH] Fix status related RBAC Signed-off-by: Monis Khan --- deploy/concierge/rbac.yaml | 8 ++++++-- deploy/supervisor/rbac.yaml | 6 +++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/deploy/concierge/rbac.yaml b/deploy/concierge/rbac.yaml index a54c94a2..e74ae281 100644 --- a/deploy/concierge/rbac.yaml +++ b/deploy/concierge/rbac.yaml @@ -17,7 +17,7 @@ rules: verbs: [ get, list, watch ] - apiGroups: [ apiregistration.k8s.io ] resources: [ apiservices ] - verbs: [ create, get, list, patch, update, watch ] + verbs: [ get, list, patch, update, watch ] - apiGroups: [ admissionregistration.k8s.io ] resources: [ validatingwebhookconfigurations, mutatingwebhookconfigurations ] verbs: [ get, list, watch ] @@ -34,7 +34,11 @@ rules: - apiGroups: - #@ pinnipedDevAPIGroupWithPrefix("config.concierge") resources: [ credentialissuers ] - verbs: [ get, list, watch, create, update ] + verbs: [ get, list, watch, create ] + - apiGroups: + - #@ pinnipedDevAPIGroupWithPrefix("config.concierge") + resources: [ credentialissuers/status ] + verbs: [get, patch, update] - apiGroups: - #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge") resources: [ jwtauthenticators, webhookauthenticators ] diff --git a/deploy/supervisor/rbac.yaml b/deploy/supervisor/rbac.yaml index ea7f4e65..cb84f342 100644 --- a/deploy/supervisor/rbac.yaml +++ b/deploy/supervisor/rbac.yaml @@ -19,7 +19,11 @@ rules: - apiGroups: - #@ pinnipedDevAPIGroupWithPrefix("config.supervisor") resources: [federationdomains] - verbs: [update, get, list, watch] + verbs: [get, list, watch] + - apiGroups: + - #@ pinnipedDevAPIGroupWithPrefix("config.supervisor") + resources: [federationdomains/status] + verbs: [get, patch, update] - apiGroups: - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor") resources: [oidcidentityproviders]