diff --git a/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml b/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml index 40596d549b22..d6542a6eabd5 100644 --- a/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml +++ b/test/testdata/bootstrappolicy/bootstrap_cluster_roles.yaml @@ -4857,7 +4857,6 @@ items: - apiGroups: - apps resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -4873,6 +4872,14 @@ items: - patch - update - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - autoscaling resources: @@ -4903,7 +4910,6 @@ items: - apiGroups: - extensions resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -4920,6 +4926,14 @@ items: - patch - update - watch + - apiGroups: + - extensions + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - policy resources: @@ -5036,7 +5050,6 @@ items: - apiGroups: - apps resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -5052,6 +5065,14 @@ items: - patch - update - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - autoscaling resources: @@ -5082,7 +5103,6 @@ items: - apiGroups: - extensions resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -5099,6 +5119,14 @@ items: - patch - update - watch + - apiGroups: + - extensions + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - policy resources: diff --git a/test/testdata/bootstrappolicy/bootstrap_policy_file.yaml b/test/testdata/bootstrappolicy/bootstrap_policy_file.yaml index 2fe6f6d99a48..211b540cb55b 100644 --- a/test/testdata/bootstrappolicy/bootstrap_policy_file.yaml +++ b/test/testdata/bootstrappolicy/bootstrap_policy_file.yaml @@ -5319,7 +5319,6 @@ items: - apps attributeRestrictions: null resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -5335,6 +5334,15 @@ items: - patch - update - watch + - apiGroups: + - apps + attributeRestrictions: null + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - autoscaling attributeRestrictions: null @@ -5368,7 +5376,6 @@ items: - extensions attributeRestrictions: null resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -5385,6 +5392,15 @@ items: - patch - update - watch + - apiGroups: + - extensions + attributeRestrictions: null + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - policy attributeRestrictions: null @@ -5510,7 +5526,6 @@ items: - apps attributeRestrictions: null resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -5526,6 +5541,15 @@ items: - patch - update - watch + - apiGroups: + - apps + attributeRestrictions: null + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - autoscaling attributeRestrictions: null @@ -5559,7 +5583,6 @@ items: - extensions attributeRestrictions: null resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -5576,6 +5599,15 @@ items: - patch - update - watch + - apiGroups: + - extensions + attributeRestrictions: null + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - policy attributeRestrictions: null diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go index b54d7c6dfdc9..774039c5267d 100644 --- a/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go +++ b/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go @@ -227,17 +227,18 @@ func ClusterRoles() []rbac.ClusterRole { rbac.NewRule("impersonate").Groups(legacyGroup).Resources("serviceaccounts").RuleOrDie(), rbac.NewRule(ReadWrite...).Groups(appsGroup).Resources("statefulsets", - "daemonsets", "deployments", "deployments/scale", "deployments/rollback", "replicasets", "replicasets/scale").RuleOrDie(), + rbac.NewRule(Read...).Groups(appsGroup).Resources("daemonsets").RuleOrDie(), rbac.NewRule(ReadWrite...).Groups(autoscalingGroup).Resources("horizontalpodautoscalers").RuleOrDie(), rbac.NewRule(ReadWrite...).Groups(batchGroup).Resources("jobs", "cronjobs").RuleOrDie(), - rbac.NewRule(ReadWrite...).Groups(extensionsGroup).Resources("daemonsets", + rbac.NewRule(ReadWrite...).Groups(extensionsGroup).Resources( "deployments", "deployments/scale", "deployments/rollback", "ingresses", "replicasets", "replicasets/scale", "replicationcontrollers/scale").RuleOrDie(), + rbac.NewRule(Read...).Groups(extensionsGroup).Resources("daemonsets").RuleOrDie(), rbac.NewRule(ReadWrite...).Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(), @@ -263,17 +264,18 @@ func ClusterRoles() []rbac.ClusterRole { rbac.NewRule("impersonate").Groups(legacyGroup).Resources("serviceaccounts").RuleOrDie(), rbac.NewRule(ReadWrite...).Groups(appsGroup).Resources("statefulsets", - "daemonsets", "deployments", "deployments/scale", "deployments/rollback", "replicasets", "replicasets/scale").RuleOrDie(), + rbac.NewRule(Read...).Groups(appsGroup).Resources("daemonsets").RuleOrDie(), rbac.NewRule(ReadWrite...).Groups(autoscalingGroup).Resources("horizontalpodautoscalers").RuleOrDie(), rbac.NewRule(ReadWrite...).Groups(batchGroup).Resources("jobs", "cronjobs").RuleOrDie(), - rbac.NewRule(ReadWrite...).Groups(extensionsGroup).Resources("daemonsets", + rbac.NewRule(ReadWrite...).Groups(extensionsGroup).Resources( "deployments", "deployments/scale", "deployments/rollback", "ingresses", "replicasets", "replicasets/scale", "replicationcontrollers/scale").RuleOrDie(), + rbac.NewRule(Read...).Groups(extensionsGroup).Resources("daemonsets").RuleOrDie(), rbac.NewRule(ReadWrite...).Groups(policyGroup).Resources("poddisruptionbudgets").RuleOrDie(), }, diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml b/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml index 1e2a36c6289d..aadd273ce756 100644 --- a/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml +++ b/vendor/k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml @@ -130,7 +130,6 @@ items: - apiGroups: - apps resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -146,6 +145,14 @@ items: - patch - update - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - autoscaling resources: @@ -176,7 +183,6 @@ items: - apiGroups: - extensions resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -193,6 +199,14 @@ items: - patch - update - watch + - apiGroups: + - extensions + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - policy resources: @@ -308,7 +322,6 @@ items: - apiGroups: - apps resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -324,6 +337,14 @@ items: - patch - update - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - autoscaling resources: @@ -354,7 +375,6 @@ items: - apiGroups: - extensions resources: - - daemonsets - deployments - deployments/rollback - deployments/scale @@ -371,6 +391,14 @@ items: - patch - update - watch + - apiGroups: + - extensions + resources: + - daemonsets + verbs: + - get + - list + - watch - apiGroups: - policy resources: