vexxhost
/
rbac-helm
Code Issues Proposed changes

Merge "Add service permission to member role"

This commit is contained in:
Zuul 2020-08-05 14:48:26 +00:00 committed by Gerrit Code Review
parent 5eda02ba3e 2d65aa29fa
commit ff528d4342
2 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
charts/rbac/templates/clusterrole-members.yaml
View File

@ -18,9 +18,17 @@ kind: ClusterRole
metadata:
name: rbac-members
rules:
# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs
# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs & services
- apiGroups: [""]
resources: ["configmaps", "nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"]
resources:
- "configmaps"
- "nodes"
- "namespaces"
- "persistentvolumeclaims"
- "persistentvolumes"
- "pods"
- "pods/log"
- "services"
verbs: ["get", "list", "watch"]
# List all get applications
- apiGroups: ["apps"]

8
playbooks/functional.yaml
View File

@ -146,4 +146,10 @@
- name: Ensure listing configmaps works
shell: kubectl --context=test get configmaps
- name: Ensure getting a configmap works
shell: kubectl --context=test get configmap test
shell: kubectl --context=test get configmap test
# List and get service
- name: Ensure listing services works
shell: kubectl --context=test get services
- name: Ensure getting a configmap works
shell: kubectl --context=test get service kubernetes