fix: desktop rbac for delete request of user.

Signed-off-by: yy <lingdie.yy@outlook.com>
labring · Nov 16, 2023 · 52bb298 · 52bb298
1 parent 87a14ea
commit 52bb298
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/controllers/user/deploy/manifests/rbac.yaml b/controllers/user/deploy/manifests/rbac.yaml
@@ -68,3 +68,35 @@ rules:
       - operationrequests/status
     verbs:
       - get
+---
+# permissions for end users to edit deleterequests.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: operationrequest-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: user
+    app.kubernetes.io/part-of: user
+    app.kubernetes.io/managed-by: kustomize
+  name: operationrequest-editor-role
+rules:
+  - apiGroups:
+      - user.sealos.io
+    resources:
+      - operationrequests
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - user.sealos.io
+    resources:
+      - operationrequests/status
+    verbs:
+      - get
diff --git a/frontend/desktop/deploy/manifests/rbac.yaml b/frontend/desktop/deploy/manifests/rbac.yaml
@@ -35,6 +35,19 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: operationrequest-editor-role
+subjects:
+  - kind: ServiceAccount
+    name: desktop-frontend
+    namespace: sealos
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: desktop-deleterequest-editor-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: deleterequest-editor-role
 subjects:
   - kind: ServiceAccount
     name: desktop-frontend