Merge pull request #274 from JoelSpeed/azure-fine-grained-role

openshift-merge-robot · web-flow · commit 786dda442246 · 2023-08-15T09:48:14.000-02:30
OCPCLOUD-2013: Move Azure Credentials Request to custom role
diff --git a/manifests/0000_26_cloud-controller-manager-operator_14_credentialsrequest-azure.yaml b/manifests/0000_26_cloud-controller-manager-operator_14_credentialsrequest-azure.yaml
@@ -13,7 +13,15 @@ spec:
   providerSpec:
     apiVersion: cloudcredential.openshift.io/v1
     kind: AzureProviderSpec
-    roleBindings:
-      - role: Contributor
+    permissions:
+    - Microsoft.Compute/virtualMachines/read
+    - Microsoft.Network/loadBalancers/read
+    - Microsoft.Network/loadBalancers/write
+    - Microsoft.Network/networkInterfaces/read
+    - Microsoft.Network/networkSecurityGroups/read
+    - Microsoft.Network/networkSecurityGroups/write
+    - Microsoft.Network/publicIPAddresses/join/action
+    - Microsoft.Network/publicIPAddresses/read
+    - Microsoft.Network/publicIPAddresses/write
   serviceAccountNames:
   - cloud-controller-manager
