Skip to content

Commit

Permalink
Merge pull request #20852 from luksa/service_catalog_namespaced_rbac
Browse files Browse the repository at this point in the history 
Add namespaced servicebrokers, serviceclasses and serviceplans to adm…
  • Loading branch information
@openshift-merge-robot
openshift-merge-robot authored Sep 5, 2018
2 parents a57e2cc + 7d0e205 commit 3959edd
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions pkg/oc/clusteradd/components/service-catalog/service_catalog.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ func getServiceCatalogClusterRoles() []rbacv1.ClusterRole {
Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-admin": "true"},
},
Rules: []rbacv1.PolicyRule{
rbacv1helpers.NewRule("create", "update", "delete", "get", "list", "watch", "patch").Groups("servicecatalog.k8s.io").Resources("serviceinstances", "servicebindings").RuleOrDie(),
rbacv1helpers.NewRule("create", "update", "delete", "get", "list", "watch", "patch").Groups("servicecatalog.k8s.io").Resources("serviceinstances", "servicebindings", "servicebrokers", "serviceclasses", "serviceplans").RuleOrDie(),
rbacv1helpers.NewRule("create", "update", "delete", "get", "list", "watch").Groups("settings.k8s.io").Resources("podpresets").RuleOrDie(),
},
},
Expand All @@ -130,7 +130,7 @@ func getServiceCatalogClusterRoles() []rbacv1.ClusterRole {
Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-edit": "true"},
},
Rules: []rbacv1.PolicyRule{
rbacv1helpers.NewRule("create", "update", "delete", "get", "list", "watch", "patch").Groups("servicecatalog.k8s.io").Resources("serviceinstances", "servicebindings").RuleOrDie(),
rbacv1helpers.NewRule("create", "update", "delete", "get", "list", "watch", "patch").Groups("servicecatalog.k8s.io").Resources("serviceinstances", "servicebindings", "servicebrokers", "serviceclasses", "serviceplans").RuleOrDie(),
rbacv1helpers.NewRule("create", "update", "delete", "get", "list", "watch").Groups("settings.k8s.io").Resources("podpresets").RuleOrDie(),
},
},
Expand All @@ -140,7 +140,7 @@ func getServiceCatalogClusterRoles() []rbacv1.ClusterRole {
Labels: map[string]string{"rbac.authorization.k8s.io/aggregate-to-view": "true"},
},
Rules: []rbacv1.PolicyRule{
rbacv1helpers.NewRule("get", "list", "watch").Groups("servicecatalog.k8s.io").Resources("serviceinstances", "servicebindings").RuleOrDie(),
rbacv1helpers.NewRule("get", "list", "watch").Groups("servicecatalog.k8s.io").Resources("serviceinstances", "servicebindings", "servicebrokers", "serviceclasses", "serviceplans").RuleOrDie(),
},
},
{
Expand Down

0 comments on commit 3959edd

Please sign in to comment.