Skip to content
This repository has been archived by the owner on Jun 26, 2024. It is now read-only.

Commit

Permalink
Add cluster role and binding for viewing ClusterWorkloadResourceMappi…
Browse files Browse the repository at this point in the history
…ng for any authenticated subject (#1175)

Signed-off-by: Pavel Macík <[email protected]>
  • Loading branch information
pmacik authored Jun 21, 2022
1 parent 7f09a38 commit 6b407d3
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 0 deletions.
16 changes: 16 additions & 0 deletions config/rbac/clusterworkloadresourcemappings_viewer_role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# permissions for end users to view bindablekinds.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: clusterworkloadresourcemappings-viewer-role
rules:
- apiGroups:
- servicebinding.io
resources:
- clusterworkloadresourcemappings
verbs:
- get
- list
- watch
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: clusterworkloadresourcemappings-viewer-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: service-binding-clusterworkloadresourcemappings-viewer-role
subjects:
- kind: Group
name: system:authenticated
apiGroup: rbac.authorization.k8s.io
2 changes: 2 additions & 0 deletions config/rbac/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ resources:
- servicebinding_viewer_role.yaml
- bindablekinds_viewer_role.yaml
- bindablekinds_viewer_rolebinding.yaml
- clusterworkloadresourcemappings_viewer_role.yaml
- clusterworkloadresourcemappings_viewer_rolebinding.yaml
- servicebinding_controller_role.yaml
- servicebinding_controller_rolebinding.yaml
# operators supproted out of the box
Expand Down

0 comments on commit 6b407d3

Please sign in to comment.