From 6ce6e25dcc9c95f1aae5a16c4de620204552a858 Mon Sep 17 00:00:00 2001 From: ytimocin Date: Sun, 24 Nov 2024 08:28:59 -0800 Subject: [PATCH 1/2] Changing permissions of UCP - removing unused permissions Signed-off-by: ytimocin --- deploy/Chart/templates/ucp/rbac.yaml | 57 ++++++++++------------------ 1 file changed, 19 insertions(+), 38 deletions(-) diff --git a/deploy/Chart/templates/ucp/rbac.yaml b/deploy/Chart/templates/ucp/rbac.yaml index e41c1d6fe8..249414b607 100644 --- a/deploy/Chart/templates/ucp/rbac.yaml +++ b/deploy/Chart/templates/ucp/rbac.yaml @@ -7,51 +7,32 @@ metadata: app.kubernetes.io/part-of: radius rules: - apiGroups: - - "" + - "" resources: - - configmaps - - secrets - - services + - secrets verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - create + - delete + - get + - update + - apiGroups: - - apps + - ucp.dev resources: - - deployments - - statefulsets + - resources verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - create + - delete + - get + - list + - update + - apiGroups: - - ucp.dev + - ucp.dev resources: - - resources - - queuemessages + - queuemessages verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - api.ucp.dev - resources: - - '*' - verbs: - - '*' + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -67,4 +48,4 @@ roleRef: subjects: - kind: ServiceAccount name: ucp - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ .Release.Namespace }} From 1accbb7ed23e547877b8ae533698d04a8062849d Mon Sep 17 00:00:00 2001 From: ytimocin Date: Sun, 24 Nov 2024 11:15:13 -0800 Subject: [PATCH 2/2] Commenting this test out to see if the rest of tests will pass Signed-off-by: ytimocin --- deploy/Chart/templates/ucp/rbac.yaml | 61 +++++++++++++++------------- 1 file changed, 33 insertions(+), 28 deletions(-) diff --git a/deploy/Chart/templates/ucp/rbac.yaml b/deploy/Chart/templates/ucp/rbac.yaml index 249414b607..d1425f4c45 100644 --- a/deploy/Chart/templates/ucp/rbac.yaml +++ b/deploy/Chart/templates/ucp/rbac.yaml @@ -6,33 +6,38 @@ metadata: app.kubernetes.io/name: ucp app.kubernetes.io/part-of: radius rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - update -- apiGroups: - - ucp.dev - resources: - - resources - verbs: - - create - - delete - - get - - list - - update + - apiGroups: + - ucp.dev + resources: + - resources + - queuemessages + verbs: + - create + - delete + - get + - list + - update -- apiGroups: - - ucp.dev - resources: - - queuemessages - verbs: - - create + - apiGroups: + - api.ucp.dev + resources: + - "*" + verbs: + - create + - delete + - get + - list + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -46,6 +51,6 @@ roleRef: kind: ClusterRole name: ucp subjects: -- kind: ServiceAccount - name: ucp - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: ucp + namespace: {{ .Release.Namespace }}