Add permission to get/list configmaps for member

Change-Id: I7e733cda9010a5dc6b97e69624ce3adce5e79d6f
2020-07-23 23:17:07 +03:00 · 2020-07-23 23:17:07 +03:00 · a61e018ce4
commit a61e018ce4
parent d2278210c7
2 changed files with 17 additions and 2 deletions
--- a/charts/rbac/templates/clusterrole-members.yaml
+++ b/charts/rbac/templates/clusterrole-members.yaml
@ -18,9 +18,9 @@ kind: ClusterRole
 metadata:
  name: rbac-members
 rules:
-# List and get pv & pvc and namespaces, nodes & pods & pod logs
+# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs
 - apiGroups: [""]
-  resources: ["nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"]
+  resources: ["configmaps", "nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"]
  verbs: ["get", "list"]
 # List all get applications
 - apiGroups: ["apps"]
--- a/playbooks/functional.yaml
+++ b/playbooks/functional.yaml
@ -34,6 +34,15 @@
    - name: Deploy cert-manager
      shell: |
        kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.2/cert-manager.yaml
+    - name: Create a configmap for test
+      shell: |
+        cat <<EOF | kubectl apply -f-
+        apiVersion: v1
+        kind: ConfigMap
+        metadata:
+          name: test
+        data:
+          key: value
  roles:
    - name: helm-template
      helm_release_name: rbac
@ -132,3 +141,9 @@
        - certificates
        - orders
        - challenges
+
+    # List and get configmap
+    - name: Ensure listing configmaps works
+      shell: kubectl --context=test get configmaps
+    - name: Ensure getting a configmap works
+      shell: kubectl --context=test get configmap test