From e6e6ad8c3c2265c57cfdcc514ee786112d5dacae Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Tue, 11 Aug 2020 14:43:43 +0200 Subject: [PATCH] Sync RBAC rules from Manila operator It needs to read/write ConfigMaps too. --- .../manila/05_clusterrole.yaml | 16 ++++++++++++---- pkg/generated/bindata.go | 16 ++++++++++++---- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/assets/csidriveroperators/manila/05_clusterrole.yaml b/assets/csidriveroperators/manila/05_clusterrole.yaml index dc567eeb2..f803ef2d4 100644 --- a/assets/csidriveroperators/manila/05_clusterrole.yaml +++ b/assets/csidriveroperators/manila/05_clusterrole.yaml @@ -11,15 +11,23 @@ rules: - securitycontextconstraints verbs: - use + +# The operator needs these config maps: +# - read/write openshift-manila-csi-driver/cloud-provider-config +# - read-only kube-system/extension-apiserver-authentication +# - read/write manila-csi-driver-operator-lock - apiGroups: - '' - resourceNames: - - extension-apiserver-authentication - - manila-csi-driver-operator-lock resources: - configmaps verbs: - - '*' + - watch + - list + - get + - create + - delete + - patch + - update - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/pkg/generated/bindata.go b/pkg/generated/bindata.go index 2dfa7518b..f073ef961 100644 --- a/pkg/generated/bindata.go +++ b/pkg/generated/bindata.go @@ -750,15 +750,23 @@ rules: - securitycontextconstraints verbs: - use + +# The operator needs these config maps: +# - read/write openshift-manila-csi-driver/cloud-provider-config +# - read-only kube-system/extension-apiserver-authentication +# - read/write manila-csi-driver-operator-lock - apiGroups: - '' - resourceNames: - - extension-apiserver-authentication - - manila-csi-driver-operator-lock resources: - configmaps verbs: - - '*' + - watch + - list + - get + - create + - delete + - patch + - update - apiGroups: - rbac.authorization.k8s.io resources: