chore(operator): read-only RBAC for KeptnConfig controller (#1096)

keptn · Mar 24, 2023 · ea91ff3 · ea91ff3
1 parent e49b5a3
commit ea91ff3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 15 deletions.
diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml
@@ -322,24 +322,12 @@ rules:
   resources:
   - keptnconfigs
   verbs:
-  - create
-  - delete
   - get
   - list
-  - patch
-  - update
   - watch
-- apiGroups:
-  - options.keptn.sh
-  resources:
-  - keptnconfigs/finalizers
-  verbs:
-  - update
 - apiGroups:
   - options.keptn.sh
   resources:
   - keptnconfigs/status
   verbs:
   - get
-  - patch
-  - update
diff --git a/operator/controllers/options/keptnconfig_controller.go b/operator/controllers/options/keptnconfig_controller.go
@@ -40,9 +40,8 @@ type KeptnConfigReconciler struct {
 	LastAppliedSpec *optionsv1alpha1.KeptnConfigSpec
 }
 
-// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs/finalizers,verbs=update
+// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs,verbs=get;list;watch
+// +kubebuilder:rbac:groups=options.keptn.sh,resources=keptnconfigs/status,verbs=get
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.