vexxhost/rbac-helm
Code Issues Proposed changes

Add service permission to member role

Browse Source 
Change-Id: Iab5f566ce4cbadb1df6cfa1c57756b6c66e0e1e2
This commit is contained in:
okozachenko 2020-08-05 00:52:18 +03:00
parent e5b54502e1
commit 2d65aa29fa
2 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
charts/rbac/templates/clusterrole-members.yaml
View File

@ -18,9 +18,17 @@ kind: ClusterRole
metadata:
name: rbac-members
rules:
# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs
# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs & services
- apiGroups: [""]
resources: ["configmaps", "nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"]
resources:
- "configmaps"
- "nodes"
- "namespaces"
- "persistentvolumeclaims"
- "persistentvolumes"
- "pods"
- "pods/log"
- "services"
verbs: ["get", "list", "watch"]
# List all get applications
- apiGroups: ["apps"]

8
playbooks/functional.yaml
View File

@ -146,4 +146,10 @@
- name: Ensure listing configmaps works
shell: kubectl --context=test get configmaps
- name: Ensure getting a configmap works
shell: kubectl --context=test get configmap test
shell: kubectl --context=test get configmap test
# List and get service
- name: Ensure listing services works
shell: kubectl --context=test get services
- name: Ensure getting a configmap works
shell: kubectl --context=test get service kubernetes