
Commit 0818d57

committed
update controller roles
1 parent 5c3d1c9 commit 0818d57


2 files changed

+63
-9
lines changed

2 files changed

+63
-9
lines changed

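--- a/pkg/cmd/server/bootstrappolicy/controller_policy.go
+++ b/pkg/cmd/server/bootstrappolicy/controller_policy.go
@@ -93,6 +93,7 @@ func init() {
 ObjectMeta: metav1.ObjectMeta{Name: saRolePrefix + InfraBuildControllerServiceAccountName},
 Rules: []rbac.PolicyRule{
 rbac.NewRule("get", "list", "watch", "patch", "update", "delete").Groups(buildGroup, legacyBuildGroup).Resources("builds").RuleOrDie(),
+rbac.NewRule("update").Groups(buildGroup, legacyBuildGroup).Resources("builds/finalizers").RuleOrDie(),
 rbac.NewRule("get").Groups(buildGroup, legacyBuildGroup).Resources("buildconfigs").RuleOrDie(),
 rbac.NewRule("create").Groups(buildGroup, legacyBuildGroup).Resources("builds/optimizeddocker", "builds/docker", "builds/source", "builds/custom", "builds/jenkinspipeline").RuleOrDie(),
 rbac.NewRule("get", "list").Groups(imageGroup, legacyImageGroup).Resources("imagestreams").RuleOrDie(),
@@ -136,7 +137,8 @@ func init() {
 Rules: []rbac.PolicyRule{
 rbac.NewRule("create", "get", "list", "watch", "update", "patch", "delete").Groups(kapiGroup).Resources("replicationcontrollers").RuleOrDie(),
 rbac.NewRule("update").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs/status").RuleOrDie(),
-rbac.NewRule("get", "list", "watch", "delete").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs").RuleOrDie(),
+rbac.NewRule("update").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs/finalizers").RuleOrDie(),
+rbac.NewRule("get", "list", "watch").Groups(deployGroup, legacyDeployGroup).Resources("deploymentconfigs").RuleOrDie(),
 eventsRule(),
 },
 })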
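Review bot: The two added finalizers rules (`builds/finalizers` in the first hunk, `deploymentconfigs/finalizers` in the second) carry no comment saying why a controller needs `update` on a finalizers subresource, and that is exactly the kind of grant a least-privilege audit of these roles will question. If the purpose is to let the controller set `blockOwnerDeletion` on owner references that point at these objects (the permission the OwnerReferencesPermissionEnforcement admission plugin checks), say so above each rule, e.g. `// required to set blockOwnerDeletion on ownerReferences that point at a build`. The second hunk also drops `delete` on `deploymentconfigs` while the build-controller rule in the first hunk keeps `delete` on `builds`; that asymmetry is presumably intended, but a one-line comment on the builds rule naming what still deletes builds would let a reader confirm it. Both hunks sit inside `func init()`, which starts and ends outside the visible lines.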

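--- a/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml
+++ b/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml
@@ -2784,6 +2784,13 @@ items:
 - patch
 - update
 - watch
+- apiGroups:
+- ""
+- build.openshift.io
+resources:
+- builds/finalizers
+verbs:
+- update
 - apiGroups:
 - ""
 - build.openshift.io
@@ -2955,13 +2962,19 @@ items:
 - deploymentconfigs/status
 verbs:
 - update
+- apiGroups:
+- ""
+- apps.openshift.io
+resources:
+- deploymentconfigs/finalizers
+verbs:
+- update
 - apiGroups:
 - ""
 - apps.openshift.io
 resources:
 - deploymentconfigs
 verbs:
-- delete
 - get
 - list
 - watch
@@ -3799,7 +3812,6 @@ items:
 resources:
 - cronjobs
 verbs:
-- delete
 - get
 - list
 - update
@@ -3822,6 +3834,12 @@ items:
 - cronjobs/status
 verbs:
 - update
+- apiGroups:
+- batch
+resources:
+- cronjobs/finalizers
+verbs:
+- update
 - apiGroups:
 - ""
 resources:
@@ -3849,20 +3867,28 @@ items:
 name: system:controller:daemon-set-controller
 rules:
 - apiGroups:
+- apps
 - extensions
 resources:
 - daemonsets
 verbs:
-- delete
 - get
 - list
 - watch
 - apiGroups:
+- apps
 - extensions
 resources:
 - daemonsets/status
 verbs:
 - update
+- apiGroups:
+- apps
+- extensions
+resources:
+- daemonsets/finalizers
+verbs:
+- update
 - apiGroups:
 - ""
 resources:
@@ -3922,7 +3948,6 @@ items:
 resources:
 - deployments
 verbs:
-- delete
 - get
 - list
 - update
@@ -3934,6 +3959,13 @@ items:
 - deployments/status
 verbs:
 - update
+- apiGroups:
+- apps
+- extensions
+resources:
+- deployments/finalizers
+verbs:
+- update
 - apiGroups:
 - extensions
 resources:
@@ -4199,7 +4231,6 @@ items:
 resources:
 - jobs
 verbs:
-- delete
 - get
 - list
 - update
@@ -4210,6 +4241,12 @@ items:
 - jobs/status
 verbs:
 - update
+- apiGroups:
+- batch
+resources:
+- jobs/finalizers
+verbs:
+- update
 - apiGroups:
 - ""
 resources:
@@ -4451,7 +4488,6 @@ items:
 resources:
 - replicasets
 verbs:
-- delete
 - get
 - list
 - update
@@ -4462,6 +4498,12 @@ items:
 - replicasets/status
 verbs:
 - update
+- apiGroups:
+- extensions
+resources:
+- replicasets/finalizers
+verbs:
+- update
 - apiGroups:
 - ""
 resources:
@@ -4496,7 +4538,6 @@ items:
 resources:
 - replicationcontrollers
 verbs:
-- delete
 - get
 - list
 - update
@@ -4507,6 +4548,12 @@ items:
 - replicationcontrollers/status
 verbs:
 - update
+- apiGroups:
+- ""
+resources:
+- replicationcontrollers/finalizers
+verbs:
+- update
 - apiGroups:
 - ""
 resources:
@@ -4677,7 +4724,6 @@ items:
 resources:
 - statefulsets
 verbs:
-- delete
 - get
 - list
 - watch
@@ -4687,6 +4733,12 @@ items:
 - statefulsets/status
 verbs:
 - update
+- apiGroups:
+- apps
+resources:
+- statefulsets/finalizers
+verbs:
+- update
 - apiGroups:
 - ""
 resources: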
