From 85165b40faad80ee8e839a7c948ddec871dee576 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Mon, 25 Feb 2019 11:40:44 -0500 Subject: [PATCH] Update RBAC roles for networking.k8s.io ingresses --- plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go | 4 ++-- .../rbac/bootstrappolicy/testdata/cluster-roles.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go index 6366dc1c83..a15224ec0c 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go @@ -284,7 +284,7 @@ func ClusterRoles() []rbacv1.ClusterRole { rbacv1helpers.NewRule(Write...).Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(), - rbacv1helpers.NewRule(Write...).Groups(networkingGroup).Resources("networkpolicies").RuleOrDie(), + rbacv1helpers.NewRule(Write...).Groups(networkingGroup).Resources("networkpolicies", "ingresses").RuleOrDie(), }, }, { @@ -317,7 +317,7 @@ func ClusterRoles() []rbacv1.ClusterRole { rbacv1helpers.NewRule(Read...).Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(), - rbacv1helpers.NewRule(Read...).Groups(networkingGroup).Resources("networkpolicies").RuleOrDie(), + rbacv1helpers.NewRule(Read...).Groups(networkingGroup).Resources("networkpolicies", "ingresses").RuleOrDie(), }, }, { diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml index f00ff04eb6..a0c5f86f7c 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml @@ -211,6 +211,7 @@ items: - apiGroups: - networking.k8s.io resources: + - ingresses - networkpolicies verbs: - create @@ -326,6 +327,7 @@ items: - apiGroups: - networking.k8s.io resources: + - ingresses - networkpolicies verbs: - get