Merge pull request #18977 from openshift-cherrypick-robot/cherry-pick-18971-to-release-3.9

[release-3.9] UPSTREAM: <carry>: Remove write permissions on daemonsets from Kubernetes bootstrap policy

Author: deads2k

test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml

@@ -4818,7 +4818,6 @@ items:
   - apiGroups:
     - apps
     resources:
-    - daemonsets
     - deployments
     - deployments/rollback
     - deployments/scale
@@ -4834,6 +4833,14 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - apps
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups:
     - autoscaling
     resources:
@@ -4864,7 +4871,6 @@ items:
   - apiGroups:
     - extensions
     resources:
-    - daemonsets
     - deployments
     - deployments/rollback
     - deployments/scale
@@ -4881,6 +4887,14 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups:
     - policy
     resources:
@@ -4997,7 +5011,6 @@ items:
   - apiGroups:
     - apps
     resources:
-    - daemonsets
     - deployments
     - deployments/rollback
     - deployments/scale
@@ -5013,6 +5026,14 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - apps
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups:
     - autoscaling
     resources:
@@ -5043,7 +5064,6 @@ items:
   - apiGroups:
     - extensions
     resources:
-    - daemonsets
     - deployments
     - deployments/rollback
     - deployments/scale
@@ -5060,6 +5080,14 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups:
     - policy
     resources:

test/testdata/bootstrappolicy/bootstrap_policy_file.yaml

@@ -5276,7 +5276,6 @@ items:
     - apps
     attributeRestrictions: null
     resources:
-    - daemonsets
     - deployments
     - deployments/rollback
     - deployments/scale
@@ -5292,6 +5291,15 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - apps
+    attributeRestrictions: null
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups:
     - autoscaling
     attributeRestrictions: null
@@ -5325,7 +5333,6 @@ items:
     - extensions
     attributeRestrictions: null
     resources:
-    - daemonsets
     - deployments
     - deployments/rollback
     - deployments/scale
@@ -5342,6 +5349,15 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - extensions
+    attributeRestrictions: null
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups:
     - policy
     attributeRestrictions: null
@@ -5467,7 +5483,6 @@ items:
     - apps
     attributeRestrictions: null
     resources:
-    - daemonsets
     - deployments
     - deployments/rollback
     - deployments/scale
@@ -5483,6 +5498,15 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - apps
+    attributeRestrictions: null
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups:
     - autoscaling
     attributeRestrictions: null
@@ -5516,7 +5540,6 @@ items:
     - extensions
     attributeRestrictions: null
     resources:
-    - daemonsets
     - deployments
     - deployments/rollback
     - deployments/scale
@@ -5533,6 +5556,15 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - extensions
+    attributeRestrictions: null
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups:
     - policy
     attributeRestrictions: null