Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make RBAC rules spec supports ResourceNames and NonResourceURLs; #10755

Merged
merged 1 commit into from Oct 18, 2019
Merged

Make RBAC rules spec supports ResourceNames and NonResourceURLs; #10755

merged 1 commit into from Oct 18, 2019

Conversation

ycliuhw
Copy link
Member

@ycliuhw ycliuhw commented Oct 18, 2019

Description of change

Make RBAC rules spec supports ResourceNames and NonResourceURLs;

QA steps

  • deploy charms with below RBAC spec;
serviceAccount:
  automountServiceAccountToken: true
  global: true
  rules:
    - apiGroups: [""]
      resources: ["pods"]
      verbs: ["get", "watch", "list"]
    - nonResourceURLs: ["*"]
      verbs: ["*"]
  • check resource created;
$ mkubectl get clusterrole t1-mariadb-k8s -oyaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: "2019-10-18T01:48:11Z"
  labels:
    juju-app: mariadb-k8s
    juju-model: t1
  name: t1-mariadb-k8s
  resourceVersion: "86364"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/t1-mariadb-k8s
  uid: e1f7e68a-2827-4cdf-bc2e-050d8fb41cff
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - watch
  - list
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

Documentation changes

None

Bug reference

https://bugs.launchpad.net/juju/+bug/1848540

@ycliuhw
Copy link
Member Author

ycliuhw commented Oct 18, 2019

https://bugs.launchpad.net/juju/+bug/1848540

@ycliuhw
Copy link
Member Author

ycliuhw commented Oct 18, 2019

$$merge$$

@ycliuhw
Copy link
Member Author

ycliuhw commented Oct 18, 2019

network error

$$merge$$

1 similar comment
@ycliuhw
Copy link
Member Author

ycliuhw commented Oct 18, 2019

network error

$$merge$$

@wallyworld
Copy link
Member

$$merge$$

4 similar comments
@wallyworld
Copy link
Member

$$merge$$

@wallyworld
Copy link
Member

$$merge$$

@wallyworld
Copy link
Member

$$merge$$

@wallyworld
Copy link
Member

$$merge$$

@jujubot jujubot merged commit 4907fcc into juju:develop Oct 18, 2019
@ycliuhw ycliuhw deleted the fix/rbac-omit-apigroups branch October 18, 2019 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wallyworld wallyworld wallyworld approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@ycliuhw @wallyworld @jujubot