Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(rbac): sa and rbac definitions #117

Merged
merged 1 commit into from
Feb 23, 2021
Merged

fix(rbac): sa and rbac definitions #117

merged 1 commit into from
Feb 23, 2021

Conversation

SteveMattar
Copy link
Contributor

Sync the SA and RBAC definitions with what we have in submariner-operator.

Signed-off-by: Steve Mattar smattar@redhat.com

@SteveMattar SteveMattar enabled auto-merge (squash) February 23, 2021 00:31
@SteveMattar SteveMattar added this to the 0.9-m1 milestone Feb 23, 2021
@SteveMattar SteveMattar self-assigned this Feb 23, 2021
fix(rbac): sa and rbac definitions
ce9f395 
Sync the SA and RBAC definitions with what we have in submariner-operator.

Signed-off-by: Steve Mattar <smattar@redhat.com>
@SteveMattar SteveMattar force-pushed the submariner-operator-679 branch from 52366dc to ce9f395 Compare February 23, 2021 00:33
@SteveMattar SteveMattar mentioned this pull request Feb 23, 2021
Merged
@SteveMattar SteveMattar merged commit 7f2d832 into submariner-io:devel Feb 23, 2021
@mangelajo mangelajo mentioned this pull request Feb 23, 2021
Merged
sridhargaddam
sridhargaddam reviewed Feb 23, 2021
View reviewed changes
submariner/templates/rbac.yaml
verbs:
- '*'
- apiGroups:
- lighthouse.submariner.io
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does Engine Pod need access to lighthouse.submariner.io?

submariner/templates/rbac.yaml
Comment on lines +15 to +23
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SteveMattar Are we giving more permissions than what is really required?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sridhargaddam yes, I did not omit any role. The idea was to allow all permission the component used to have so that we don't break anything by mistake and the next step will be to remove uneeded roles.
This is what I have done in the operator as well.

@SteveMattar SteveMattar deleted the submariner-operator-679 branch February 23, 2021 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sridhargaddam sridhargaddam sridhargaddam left review comments

@mangelajo mangelajo mangelajo approved these changes

@skitt skitt skitt approved these changes

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

@tpantelis tpantelis Awaiting requested review from tpantelis tpantelis is a code owner

@vthapar vthapar Awaiting requested review from vthapar vthapar is a code owner

@dfarrell07 dfarrell07 Awaiting requested review from dfarrell07

Assignees

@SteveMattar SteveMattar

Labels
None yet
Projects
None yet
Milestone
0.9-m1
Development

Successfully merging this pull request may close these issues.
4 participants
@SteveMattar @mangelajo @skitt @sridhargaddam