Skip to content

Commit

Permalink
reconciler/replicateclusterrole: replicate ClusterRoles for workspace…
Browse files Browse the repository at this point in the history 
…types with "initialize" verb

required when an SP requires access to resources (i.e. LogicalClusters) via the VW server for some workspacetype.
  • Loading branch information
@p0lyn0mial @sttts
p0lyn0mial authored and sttts committed Jan 27, 2023
1 parent 56ad664 commit cbea43c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/reconciler/tenancy/replicateclusterrole/replicateclusterrole_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ func HasUseRule(clusterName logicalcluster.Name, cr *rbacv1.ClusterRole) bool {
}
resources := sets.NewString(rule.Resources...)
verbs := sets.NewString(rule.Verbs...)
if (resources.Has("workspacetypes") || resources.Has("*")) && (verbs.Has("use") || verbs.Has("*")) {
if (resources.Has("workspacetypes") || resources.Has("*")) && (verbs.Has("use") || verbs.Has("initialize") || verbs.Has("*")) {
return true
}
}
Expand Down

0 comments on commit cbea43c

Please sign in to comment.