Skip to content
Permalink
Browse files

Merge pull request #1224 from mengqiy/editorrole

🐛 end users should not have permissions to edit */status
  • Loading branch information
k8s-ci-robot committed Nov 25, 2019
2 parents 2dbcb44 + d360f01 commit fc60d25463298ee14da3ccb0f6c9cb9cc70af94d
@@ -50,7 +50,7 @@ func (g *CRDEditorRole) Validate() error {
return g.Resource.Validate()
}

const crdRoleEditorTemplate = `# permissions to do edit {{ .Resource.Resource }}.
const crdRoleEditorTemplate = `# permissions for end users to edit {{ .Resource.Resource }}.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -74,6 +74,4 @@ rules:
- {{ .Resource.Resource }}/status
verbs:
- get
- patch
- update
`
@@ -50,7 +50,7 @@ func (g *CRDViewerRole) Validate() error {
return g.Resource.Validate()
}

const crdRoleViewerTemplate = `# permissions to do viewer {{ .Resource.Resource }}.
const crdRoleViewerTemplate = `# permissions for end users to view {{ .Resource.Resource }}.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -1,4 +1,4 @@
# permissions to do edit admirals.
# permissions for end users to edit admirals.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -22,5 +22,3 @@ rules:
- admirals/status
verbs:
- get
- patch
- update
@@ -1,4 +1,4 @@
# permissions to do viewer admirals.
# permissions for end users to view admirals.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -1,4 +1,4 @@
# permissions to do edit captains.
# permissions for end users to edit captains.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -22,5 +22,3 @@ rules:
- captains/status
verbs:
- get
- patch
- update
@@ -1,4 +1,4 @@
# permissions to do viewer captains.
# permissions for end users to view captains.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -1,4 +1,4 @@
# permissions to do edit firstmates.
# permissions for end users to edit firstmates.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -22,5 +22,3 @@ rules:
- firstmates/status
verbs:
- get
- patch
- update
@@ -1,4 +1,4 @@
# permissions to do viewer firstmates.
# permissions for end users to view firstmates.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

0 comments on commit fc60d25

Please sign in to comment.
You can’t perform that action at this time.