Merge pull request #37020 from deads2k/rbac-20-delegated-role

Automatic merge from submit-queue

auth delegation role

Add a bootstrap role for authentication and authorization delegation.  Useful for extension API servers.

@kubernetes/sig-auth
pull/6/head
Kubernetes Submit Queue 2016-12-01 06:31:31 -08:00 committed by GitHub
commit 4c50486735
1 changed files with 9 additions and 0 deletions


@ -194,6 +194,15 @@ func ClusterRoles() []rbac.ClusterRole {
rbac.NewRule("list", "watch").Groups(legacyGroup).Resources("services", "endpoints").RuleOrDie(),
},
},
{
// a role to use for allowing authentication and authorization delegation
ObjectMeta: api.ObjectMeta{Name: "system:auth-delegator"},
Rules: []rbac.PolicyRule{
// These creates are non-mutating
rbac.NewRule("create").Groups(authenticationGroup).Resources("tokenreviews").RuleOrDie(),
rbac.NewRule("create").Groups(authorizationGroup).Resources("subjectaccessreviews").RuleOrDie(),
},
},
}
}
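Review bot: The comment `// These creates are non-mutating` on the new rules explains the verb, but not what a holder of `system:auth-delegator` gains, which is what an admin deciding on a binding needs to know. A subject with `create` on `tokenreviews` and `subjectaccessreviews` can have the API server validate bearer tokens it submits and evaluate authorization for arbitrary users. The role therefore exposes identity and policy information cluster-wide even though nothing is persisted. I would extend the role comment to something like `// system:auth-delegator lets a delegating (extension) API server ask the core API server to authenticate tokens and authorize requests; bind it only to trusted server identities`, keeping the existing non-mutating remark. ClusterRoles starts outside this hunk, so whether the other bootstrap roles document their intended subjects the same way is not visible here.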