vexxhost/rbac-helm
Code Issues Proposed changes

Add permission to get/list configmaps for member

Browse Source 
Change-Id: I7e733cda9010a5dc6b97e69624ce3adce5e79d6f
This commit is contained in:
okozachenko 2020-07-23 23:17:07 +03:00
parent d2278210c7
commit a61e018ce4
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/rbac/templates/clusterrole-members.yaml
View File

@ -18,9 +18,9 @@ kind: ClusterRole
metadata: metadata:
name: rbac-members name: rbac-members
rules: rules:
# List and get pv & pvc and namespaces, nodes & pods & pod logs # List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs
- apiGroups: [""] - apiGroups: [""]
resources: ["nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"] resources: ["configmaps", "nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"]
verbs: ["get", "list"] verbs: ["get", "list"]
# List all get applications # List all get applications
- apiGroups: ["apps"] - apiGroups: ["apps"]

15
playbooks/functional.yaml
View File

@ -34,6 +34,15 @@
- name: Deploy cert-manager - name: Deploy cert-manager
shell: | shell: |
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.2/cert-manager.yaml kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.2/cert-manager.yaml
- name: Create a configmap for test
shell: |
cat <<EOF | kubectl apply -f-
apiVersion: v1
kind: ConfigMap
metadata:
name: test
data:
key: value
roles: roles:
- name: helm-template - name: helm-template
helm_release_name: rbac helm_release_name: rbac
@ -132,3 +141,9 @@
- certificates - certificates
- orders - orders
- challenges - challenges
# List and get configmap
- name: Ensure listing configmaps works
shell: kubectl --context=test get configmaps
- name: Ensure getting a configmap works
shell: kubectl --context=test get configmap test