Skip to content

Commit

Permalink
Fix *.user.openshift.io RBAC (#86)
Browse files Browse the repository at this point in the history
Was not noticed because usage profiles require elevated permissions.
  • Loading branch information
bastjan authored Mar 12, 2024
1 parent 76b0f57 commit 85201d8
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 10 deletions.
18 changes: 9 additions & 9 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -80,31 +80,31 @@ rules:
- patch
- update
- apiGroups:
- group.openshift.io
- rbac.authorization.k8s.io
resources:
- users
- clusterrolebindings
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- rolebindings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
- user.openshift.io
resources:
- rolebindings
- groups
verbs:
- create
- delete
- get
- list
- patch
Expand Down
2 changes: 1 addition & 1 deletion controllers/groupsync_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ const OrganizationMembersManifestName = "members"

const UpstreamFinalizerPrefix = "agent.appuio.io/group-zone-"

//+kubebuilder:rbac:groups=group.openshift.io,resources=users,verbs=get;list;watch;update;patch;create;delete
//+kubebuilder:rbac:groups=user.openshift.io,resources=groups,verbs=get;list;watch;update;patch;create;delete

// Reconcile syncs the Group with the upstream OrganizationMembers or Team resource from the foreign (Control-API) cluster.
func (r *GroupSyncReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
Expand Down

0 comments on commit 85201d8

Please sign in to comment.