From fdac917b6b51842e5fbe91d5d44d33bd8c3be636 Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Mon, 29 Apr 2024 13:59:48 -0700 Subject: [PATCH] fix: Add /metrics non-resource URL to rbac --- .../collector/parser/processor/processor_k8sattributes.go | 4 ++++ .../parser/processor/processor_k8sattributes_test.go | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/internal/manifests/collector/parser/processor/processor_k8sattributes.go b/internal/manifests/collector/parser/processor/processor_k8sattributes.go index 293411acbf..5c59f857bd 100644 --- a/internal/manifests/collector/parser/processor/processor_k8sattributes.go +++ b/internal/manifests/collector/parser/processor/processor_k8sattributes.go @@ -62,6 +62,10 @@ func (o *K8sAttributesParser) GetRBACRules() []rbacv1.PolicyRule { Resources: []string{"replicasets"}, Verbs: []string{"get", "watch", "list"}, }, + { + NonResourceURLs: []string{"/metrics"}, + Verbs: []string{"get"}, + }, } extractCfg, ok := o.config["extract"] diff --git a/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go b/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go index c6328cc51f..795f148b16 100644 --- a/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go +++ b/internal/manifests/collector/parser/processor/processor_k8sattributes_test.go @@ -45,6 +45,10 @@ func TestK8sAttributesRBAC(t *testing.T) { Resources: []string{"replicasets"}, Verbs: []string{"get", "watch", "list"}, }, + { + NonResourceURLs: []string{"/metrics"}, + Verbs: []string{"get"}, + }, }, }, { @@ -67,6 +71,10 @@ func TestK8sAttributesRBAC(t *testing.T) { Resources: []string{"replicasets"}, Verbs: []string{"get", "watch", "list"}, }, + { + NonResourceURLs: []string{"/metrics"}, + Verbs: []string{"get"}, + }, { APIGroups: []string{""}, Resources: []string{"nodes"},