
Allow controller ClusterRole read access to Secrets when secret fields present #745

@jaypipes

When a CRD has one of its fields replaced with a SecretKeyReference field, the controller's reconciler will need to read the value of a referred-to Secret. However, the ClusterRole that we set up for ACK service controllers does not provide read access to Secret resources:

https://github.com/aws-controllers-k8s/code-generator/blob/94186d92e778792ccba11b5db3478e037256b36b/templates/pkg/resource/registry.go.tpl#L10-L13

We need to add some logic into the above template that conditionally adds the kubebuilder RBAC annotations for the controller ClusterRole to read Secrets but only when any resource in any resource manager embedded in the controller has a SecretKeyReference field.
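The conditional marker generation described above, as an added example that is not part of the original issue or the code-generator's own code. The `Field` and `Resource` types, the template fragment, the API group `example.services.k8s.aws`, the sample resource, and the `get;list;watch` verb list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Hypothetical, simplified types for this example (not the code-generator's model).
type Field struct {
	Name        string
	IsSecretRef bool // field was replaced with a SecretKeyReference
}
type Resource struct {
	Plural string
	Fields []Field
}

// needsSecretRead is true when any field of any resource refers to a Secret.
func needsSecretRead(rs []Resource) bool {
	for _, r := range rs {
		for _, f := range r.Fields {
			if f.IsSecretRef {
				return true
			}
		}
	}
	return false
}

// Constructed template fragment. The secrets marker (core API group "") is
// emitted only when needed; the verb list is an assumption for "read access".
const rbacTpl = `{{range .Resources}}// +kubebuilder:rbac:groups={{$.Group}},resources={{.Plural}},verbs=get;list;watch;create;update;patch;delete
{{end}}{{if .SecretRead}}// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
{{end}}`

// renderMarkers renders the RBAC markers for one controller.
func renderMarkers(group string, rs []Resource) (string, error) {
	var b strings.Builder
	data := map[string]interface{}{"Group": group, "Resources": rs, "SecretRead": needsSecretRead(rs)}
	err := template.Must(template.New("rbac").Parse(rbacTpl)).Execute(&b, data)
	return b.String(), err
}

func main() {
	// Constructed input: one resource with a secret-backed field.
	rs := []Resource{{Plural: "widgets", Fields: []Field{{"Password", true}}}}
	out, _ := renderMarkers("example.services.k8s.aws", rs)
	fmt.Print(out)
}
```

Controllers whose resources have no secret-backed fields render no `secrets` marker, so their ClusterRole never gains Secret access.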

Labels

kind/bug: Categorizes issue or PR as related to a bug.
