vexxhost
/
rbac-helm
Code Issues Proposed changes

Merge "Add service permission to member role"

This commit is contained in:
Zuul 2020-08-05 14:48:26 +00:00 committed by Gerrit Code Review
parent 5eda02ba3e 2d65aa29fa
commit ff528d4342
2 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
charts/rbac/templates/clusterrole-members.yaml
View File

@ -18,9 +18,17 @@ kind: ClusterRole
metadata: metadata:
name: rbac-members name: rbac-members
rules: rules:
# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs # List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs & services
- apiGroups: [""] - apiGroups: [""]
resources: ["configmaps", "nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"] resources:
- "configmaps"
- "nodes"
- "namespaces"
- "persistentvolumeclaims"
- "persistentvolumes"
- "pods"
- "pods/log"
- "services"
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
# List all get applications # List all get applications
- apiGroups: ["apps"] - apiGroups: ["apps"]

8
playbooks/functional.yaml
View File

@ -146,4 +146,10 @@
- name: Ensure listing configmaps works - name: Ensure listing configmaps works
shell: kubectl --context=test get configmaps shell: kubectl --context=test get configmaps
- name: Ensure getting a configmap works - name: Ensure getting a configmap works
shell: kubectl --context=test get configmap test shell: kubectl --context=test get configmap test
# List and get service
- name: Ensure listing services works
shell: kubectl --context=test get services
- name: Ensure getting a configmap works
shell: kubectl --context=test get service kubernetes