From e5f61f50a899b652626d1855b3ba313b0a93dab5 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Wed, 4 Sep 2024 16:33:01 +0800 Subject: [PATCH] fix: aggregate clusterrole to admission controller Signed-off-by: ShutingZhao --- .../permissions.yaml | 1 + .../chainsaw-step-01-apply-1-1.yaml | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/permissions.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/permissions.yaml index 36bb686b7355..29f373c3a80d 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/permissions.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/permissions.yaml @@ -4,6 +4,7 @@ metadata: name: kyverno:rbac labels: rbac.kyverno.io/aggregate-to-background-controller: "true" + rbac.kyverno.io/aggregate-to-admission-controller: "true" rules: - apiGroups: - rbac.authorization.k8s.io diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml index 71945bc65aa7..859416a4ba65 100755 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml @@ -10,15 +10,27 @@ metadata: rules: - apiGroups: - "" - - iam.aws.crossplane.io resources: - namespaces - - roles verbs: - create - update - delete - get +- apiGroups: + - iam.aws.crossplane.io + resources: + - roles + verbs: + - list + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - list + - get - apiGroups: - kyverno.io resources: