-
Notifications
You must be signed in to change notification settings - Fork 444
/
rbac_utils.go
112 lines (108 loc) · 3.23 KB
/
rbac_utils.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package test
import "github.com/solo-io/k8s-utils/manifesttestutils"
func GetServiceAccountPermissions(namespace string) *manifesttestutils.ServiceAccountPermissions {
permissions := &manifesttestutils.ServiceAccountPermissions{}
// Gloo
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{""},
[]string{"pods", "services", "configmaps", "namespaces", "secrets", "endpoints"},
[]string{"get", "list", "watch"})
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{""},
[]string{"configmaps"},
[]string{"*"},
)
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{"coordination.k8s.io"},
[]string{"leases"},
[]string{"*"},
)
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{"gloo.solo.io"},
[]string{"upstreams", "upstreamgroups", "proxies"},
[]string{"get", "list", "watch", "patch"})
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{"gateway.solo.io"},
[]string{"gateways", "httpgateways", "tcpgateways", "virtualservices", "routetables", "virtualhostoptions", "routeoptions"},
[]string{"get", "list", "watch", "patch"})
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{"gloo.solo.io"},
[]string{"proxies"},
[]string{"get", "list", "watch", "update", "patch", "create", "delete"})
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{"gloo.solo.io"},
[]string{"settings"},
[]string{"get", "list", "watch"})
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{"enterprise.gloo.solo.io"},
[]string{"authconfigs"},
[]string{"get", "list", "watch", "patch"})
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{"ratelimit.solo.io"},
[]string{"ratelimitconfigs", "ratelimitconfigs/status"},
[]string{"get", "list", "watch", "patch", "update"})
permissions.AddExpectedPermission(
"gloo-system.gloo",
namespace,
[]string{"graphql.gloo.solo.io"},
[]string{"graphqlapis", "graphqlapis/status"},
[]string{"get", "list", "watch", "patch", "update"})
// Discovery
permissions.AddExpectedPermission(
"gloo-system.discovery",
namespace,
[]string{""},
[]string{"pods", "services", "configmaps", "namespaces", "secrets", "endpoints"},
[]string{"get", "list", "watch"})
permissions.AddExpectedPermission(
"gloo-system.discovery",
namespace,
[]string{""},
[]string{"configmaps"},
[]string{"*"},
)
permissions.AddExpectedPermission(
"gloo-system.discovery",
namespace,
[]string{"coordination.k8s.io"},
[]string{"leases"},
[]string{"*"},
)
permissions.AddExpectedPermission(
"gloo-system.discovery",
namespace,
[]string{"gloo.solo.io"},
[]string{"settings"},
[]string{"get", "list", "watch"})
permissions.AddExpectedPermission(
"gloo-system.discovery",
namespace,
[]string{"gloo.solo.io"},
[]string{"upstreams"},
[]string{"get", "list", "watch", "create", "update", "patch", "delete"})
permissions.AddExpectedPermission(
"gloo-system.discovery",
namespace,
[]string{"graphql.gloo.solo.io"},
[]string{"graphqlapis", "graphqlapis/status"},
[]string{"get", "list", "watch", "update", "patch", "create"})
return permissions
}