Merge pull request #2775 from OdedViner/ceph_rook_rbac
Reducing the ceph.rook.io group privileges
openshift-merge-bot[bot] committed Sep 2, 2024
2 parents b2c67c1 + 7de8ba1 commit b300e13
Showing 4 changed files with 7 additions and 55 deletions.
20 changes: 2 additions & 18 deletions config/rbac/role.yaml
Expand Up @@ -56,32 +56,16 @@ rules:
- ceph.rook.io
resources:
- cephblockpoolradosnamespaces
verbs:
- '*'
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- ceph.rook.io
resources:
- cephblockpools
- cephclients
- cephclusters
- cephfilesystems
- cephfilesystemsubvolumegroups
- cephnfses
- cephobjectstores
- cephobjectstoreusers
- cephrbdmirrors
verbs:
- '*'
- apiGroups:
- ceph.rook.io
resources:
- cephclients
- cephfilesystemsubvolumegroups
verbs:
- create
- delete
- get
2 changes: 1 addition & 1 deletion controllers/storagecluster/reconcile.go
Expand Up @@ -107,7 +107,7 @@ var validTopologyLabelKeys = []string{
}

// +kubebuilder:rbac:groups=ocs.openshift.io,resources=*,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=ceph.rook.io,resources=cephclusters;cephblockpools;cephfilesystems;cephnfses;cephobjectstores;cephobjectstoreusers;cephrbdmirrors;cephblockpoolradosnamespaces,verbs=*
// +kubebuilder:rbac:groups=ceph.rook.io,resources=cephclusters;cephblockpools;cephfilesystems;cephnfses;cephobjectstores;cephobjectstoreusers;cephrbdmirrors;cephblockpoolradosnamespaces,verbs=get;list;watch;create;update;delete
// +kubebuilder:rbac:groups=noobaa.io,resources=noobaas,verbs=get;list;watch;create;update;delete
// +kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=watch;create;delete;get;list
// +kubebuilder:rbac:groups=core,resources=pods;services;serviceaccounts;endpoints;persistentvolumes;persistentvolumeclaims;events;configmaps;secrets;nodes,verbs=*
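Review bot: The narrowed ceph.rook.io marker lists `get;list;watch;create;update;delete` and so omits `patch` (and `deletecollection`), both of which the old `verbs=*` granted implicitly. If any reconciler in this package issues a Patch or server-side apply against CephCluster, CephBlockPool or the other listed kinds, it will now fail with Forbidden only at runtime, so it is worth searching the controllers for such calls before relying on this set, or adding `patch` explicitly as the `ocs.openshift.io` marker above does. A short comment above the marker such as `// ceph.rook.io: explicit verbs only; add a verb here when a reconciler needs it, never '*'` would keep the wildcard from returning. The `core` marker a few lines below still carries `verbs=*` over `secrets` and `nodes`; that is outside this change but is the next candidate for the same treatment.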
20 changes: 2 additions & 18 deletions deploy/csv-templates/ocs-operator.csv.yaml.in
Expand Up @@ -227,32 +227,16 @@ spec:
- ceph.rook.io
resources:
- cephblockpoolradosnamespaces
verbs:
- '*'
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- ceph.rook.io
resources:
- cephblockpools
- cephclients
- cephclusters
- cephfilesystems
- cephfilesystemsubvolumegroups
- cephnfses
- cephobjectstores
- cephobjectstoreusers
- cephrbdmirrors
verbs:
- '*'
- apiGroups:
- ceph.rook.io
resources:
- cephclients
- cephfilesystemsubvolumegroups
verbs:
- create
- delete
- get
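Review bot: The merged ceph.rook.io rule's verb list runs past the end of the visible hunk (it stops at `- get`), so the effective grant cannot be confirmed from this section alone. Under OLM the operator's role is presumably created from this CSV rather than from config/rbac/role.yaml, so this is the copy to check: it should carry exactly the six verbs of the marker in controllers/storagecluster/reconcile.go, and no other ceph.rook.io rule in the file should still list `'*'`. The same applies to the second CSV section that follows on this page. A CI step that regenerates the manifests and fails on any diff would keep the three YAML copies from drifting away from the marker.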
Expand Up @@ -236,32 +236,16 @@ spec:
- ceph.rook.io
resources:
- cephblockpoolradosnamespaces
verbs:
- '*'
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- ceph.rook.io
resources:
- cephblockpools
- cephclients
- cephclusters
- cephfilesystems
- cephfilesystemsubvolumegroups
- cephnfses
- cephobjectstores
- cephobjectstoreusers
- cephrbdmirrors
verbs:
- '*'
- apiGroups:
- ceph.rook.io
resources:
- cephclients
- cephfilesystemsubvolumegroups
verbs:
- create
- delete
- get
