djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix status related RBAC 

Signed-off-by: Monis Khan <mok@vmware.com>
This commit is contained in:
Monis Khan 2021-02-10 18:02:18 -05:00
parent dd3d1c8b1b
commit de88ae2f61
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
deploy/concierge/rbac.yaml
View File

@ -17,7 +17,7 @@ rules:
verbs: [ get, list, watch ] verbs: [ get, list, watch ]
- apiGroups: [ apiregistration.k8s.io ] - apiGroups: [ apiregistration.k8s.io ]
resources: [ apiservices ] resources: [ apiservices ]
verbs: [ create, get, list, patch, update, watch ] verbs: [ get, list, patch, update, watch ]
- apiGroups: [ admissionregistration.k8s.io ] - apiGroups: [ admissionregistration.k8s.io ]
resources: [ validatingwebhookconfigurations, mutatingwebhookconfigurations ] resources: [ validatingwebhookconfigurations, mutatingwebhookconfigurations ]
verbs: [ get, list, watch ] verbs: [ get, list, watch ]
@ -34,7 +34,11 @@ rules:
- apiGroups: - apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("config.concierge") - #@ pinnipedDevAPIGroupWithPrefix("config.concierge")
resources: [ credentialissuers ] resources: [ credentialissuers ]
verbs: [ get, list, watch, create, update ] verbs: [ get, list, watch, create ]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("config.concierge")
resources: [ credentialissuers/status ]
verbs: [get, patch, update]
- apiGroups: - apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge") - #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge")
resources: [ jwtauthenticators, webhookauthenticators ] resources: [ jwtauthenticators, webhookauthenticators ]

6
deploy/supervisor/rbac.yaml
View File

@ -19,7 +19,11 @@ rules:
- apiGroups: - apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("config.supervisor") - #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")
resources: [federationdomains] resources: [federationdomains]
verbs: [update, get, list, watch] verbs: [get, list, watch]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")
resources: [federationdomains/status]
verbs: [get, patch, update]
- apiGroups: - apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor") - #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
resources: [oidcidentityproviders] resources: [oidcidentityproviders]